A ransomware attack has impacted the Albuquerque Bernalillo County government offices. 

Bernalillo County is New Mexico’s most populous county with more than 676,000 residents, and its government provides a wide range of public services to residents who live in Albuquerque, Los Ranchos and Tijeras and the 111,000 residents who live outside the village and city limits in the unincorporated areas of the county.

The county government buildings and public offices were closed on Wednesday across Albuquerque, Los Ranchos and Tijeras after the disruption occurred on January 5, county officials said in a press release

“Bernalillo County is continuing its assessment of suspected ransomware discovered on Bernalillo County systems. The county has taken affected systems offline and has severed network connections. The disruption likely occurred between Midnight and 5:30 a.m. on Jan. 5.,” the press release says.

Bernalillo County says emergency and public safety are in full operation, and 911 is operational with the Sheriff’s Office and Fire and Rescue responding to calls. In addition, vendors for county systems have been notified of the ransomware and are working to solve the issue and restore the system functions. 

“Ransomware is getting easier and easier to orchestrate as an attacker,” says Sam Jones, VP of Product Management, Stellar Cyber. “Operational downtime to critical public services will be the gravest by-product of these attacks, especially as they become more rampant. State and local governments are unfortunately perfect targets for attackers.”

Saryu Nayyar, CEO and Founder, Gurucul, says, “Despite widespread deployment of traditional SIEM, endpoint solutions and now Endpoint-based XDR, what has been lacking within most organizations that are victims of successful ransomware attacks is true behavioral-based modeling and detection within the infrastructure. The ability to characterize proper behaviors and user and application access with the right modeling and machine learning can lead to high-fidelity detection of deviations in “normal” behaviors and unusual access to systems that are often tell-tale signs of ransomware infections. The ability to bubble these types of alerts as high-priority when appropriate empowers security teams to investigate and detect ransomware much earlier to then respond and thwart a successful attack.”