For optimal browsing, we recommend Chrome, Firefox or Safari browsers.
Shutterstock
(TNS) — Albemarle County authorities have identified the extortion operation behind the June cyberattack attack that took down the internet in county offices and may have exposed both government employee and county resident data.
INC Ransom was behind the attack, according to county spokeswoman Abbey Stumpf.
‘Cybersecurity incident’ blamed for Albemarle County internet outage
Albemarle County government buildings remain without internet after what officials are now calling a “cybersecurity incident.”
Stumpf said she could not provide any more information due to an ongoing criminal investigation.
The county has been tightlipped since the attack.
On Thursday, exactly one month after the attack, the county announced that what it had been describing only as a “cybersecurity incident” since June 12 was in fact a ransomware attack.
Ransomware is a type of malicious software that restricts access to computer files and then demands a ransom payment for their release.
INC Ransom, sometimes known as Inc. Ransom or simply INC, is likely linked to Russia and runs an extortion operation that steals victims’ data, threatens to leak it if not paid and offers to make the victims’ systems more secure in return for payment. INC Ransom has been behind more than 230 attacks, targeting hospitals, schools, technology companies and governments since it emerged in July 2023.
Stumpf said in her statement Thursday that “the ransom was not paid to the cybercriminals” and the personal data of county residents and employees had likely been accessed.
“The data that was illegally accessed may include information, including name, date of birth, Social Security numbers, and other similar identifiers,” reads Stumpf’s statement. “Currently, there is no evidence to suggest that the information is being used for harm.”
Stumpf said that the evidence indicates that only data from local servers was involved, and no data held on cloud-based systems was compromised.
While it appears “likely” that Albemarle County government and public school employees’ data was accessed, Stumpf said residents’ data only “may” have been accessed.
Stumpf said an investigation into the attack is ongoing with the aim of pinpointing exactly what and whose data was accessed.
Stumpf did not address Daily Progress inquiries regarding when employees and residents would be notified if their data was compromised, or why the county waited a month to share the news of the ransomware attack.
The county knew it was a ransomware attack the morning of June 11, and that the attack began the evening of June 10, according to Stumpf’s statement. She said the county notified the FBI, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Cyber Fusion Center of the Virginia State Police; all three agencies have been investigating the attack.
News of the attack was only announced after Albemarle County government office buildings lost internet on June 12, the same day that multiple internet providers in Central Virginia reported outages and search engine giant Google’s cloud crashed.
Stumpf did not address Daily Progress inquiries as to whether any or all of the outages were connected.
The county is offering free credit monitoring, fraud consultation and identity theft restoration services to Albemarle County residents and employees for the next 12 months through Kroll, a financial and risk advisory firm based in New York City.
“We recognize how important personal information is and take our responsibility to protect it seriously,” Albemarle County Executive Jeff Richardson said in a statement. “While we have no evidence that anyone’s personal information has been misused, we want our community to feel reassured and supported. Virginia law does not require us to take this step, but we believe it is our responsibility to go beyond the minimum.”
County employees and residents interested in using Kroll’s services can call Kroll directly at (866) 819-9798. To ask the county questions, employees and residents can call (434) 872-4572 or email askaquestion@albemarle.org.
Stumpf said that since the incident, Albemarle County has completed a comprehensive review of its systems and implemented additional safeguards.
More information can be found online at albemarle.org/cybersecurityincident.
© 2025 The Daily Progress, Charlottesville, Va. Distributed by Tribune Content Agency, LLC.
Never miss a story with the GovTech Today newsletter.
Copyright 2025 Remote Security. All Rights Reserved
