Alabama County hit by ransomware attack, government services shut down

Ransomware gang BlackSuit claimed responsibility for cyber attack earlier this month on the Cullman County Commission in Alabama.

In a November 7, 2024 Facebook post, the Commission announced it was the victim of a cyber attack that shut down the County Courthouse at around 4 a.m. Phone lines for the Revenue, Probate, and District Attorney’s offices were down. Online payments for property taxes and tag renewals were unavailable through the county’s website.

County Chairman Jeff Clemons told Cullman Daily that the FBI is involved and that the attack appeared to come from a foreign country.

Systems were restored on November 8, 2024, according to the Commission’s Facebook page.

Ransomware group BlackSuit claimed responsibility for the attack yesterday, adding the county to its leak site. Cullman County has not verified BlackSuit’s claim.

cullman county blacksuit ransomware

We do not know whether any data was stolen in the attack, how attackers breached the Commission’s network, if Cullman County paid a ransom, or how much BlackSuit demanded. Comparitech contacted Cullman County officials for comment and will update this article if it responds.

Who is BlackSuit?

BlackSuit first emerged in April 2023, and has a history of attacking critical industries like healthcare, government, and education. It’s a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data. The group has Russian lineage but hasn’t been attributed to a specific country.

We tracked 53 confirmed ransomware attacks claimed by BlackSuit since it first surfaced, compromising 2.3 million records.

Other recently confirmed BlackSuit attacks include those on Kansas city Hospice & Palliative Care, Northwestern Community Services Board in Virginia, and Marysville Schools in Ohio.

We logged another 110 unconfirmed attacks that were claimed by BlackSuit but not acknowledged by attackers.

Ransomware attacks on US government

Ransomware attacks on US government agencies and departments can steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud. Ransomware can disrupt everything from communications to billing, payroll, and online services.

Comparitech researchers recorded 77 confirmed ransomware attacks on US government entities at the local, state, and federal levels this year to date. 2024 has already surpassed 2023 in number of government records compromised by ransomware attacks (865,631 compared to 743,369).

Other recent attacks on local governments include those on Wexford County, MI (Embargo) and Sheboygan, WI (Chort).

About Cullman County Commission

Cullman County, Alabama is located between Huntsville and Birmingham. It has a population of 80,000 people. The Cullman County Commission the local government authority made up of a chairman and four district commissioners. Residents can use the Commission’s website to buy car tags, pay property taxes, check fines and court dates, and get government-issued documents including driver’s licenses, passports, marriage licenses, and permits.