IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Bernalillo County, N.M., Systems Disrupted by Cyber Attack

New Mexico’s most heavily populated county was hit with an apparent ransomware attack early Wednesday morning. Many systems are shut down, but public safety services remain in operation.

New Mexico’s most heavily populated county was hit with an apparent ransomware attack early Wednesday morning, officials said in an announcement.

Bernalillo County encompasses a population of 676,000 residents and the state’s largest city, Albuquerque. County officials said they responded to the incident by taking impacted systems offline and severing network connections. The attack and response have left many county buildings shuttered, while employees work remotely to try to meet resident needs. Among the effects: the Metropolitan Detention Center suspended visitations.

“A lot of the computers are not working and so we're not able to provide some services to members of the public," said county communications director Tia Bland, per news station KOAT.

Public safety services are still operating, however, thanks to unspecified “backup contingencies,” according to the announcement. That includes 911 communications, fire and rescue operations and the Sheriff’s Office.

County personnel alerted system vendors to the incident, which officials believe occurred between midnight and 5:30 a.m. on Jan. 5. The vendors are reportedly “working to solve the issue and restore the system functions,” per a second announcement.

While the county has labeled the incident a “suspected ransomware attack,” KOB 4 reports that spokesperson Tom Thorpe said he was not aware of attackers listing any demands.

This isn’t the county’s only cyber troubles in recent memory. Officials discovered in 2019 that a scammer had successfully masqueraded as one of the county’s vendors to make off with payments meant for the firm. The fraudsters tricked the county’s accounts payable personnel into sending funds into a bank account owned by the criminals, rather than by the legitimate vendor, KOAT reported. The scheme diverted more than $447,000 into the wrong hands.

After discovering the crime, county officials sought to reduce the chance of a repeat event by improving security checks and staff training in the accounts payable department, as well as looking to reduce the amount of available online information about its vendors lists and agency contacts. CIO Robert Benavidez told KOAT at the time that the latter step was important because hackers could take advantage of such details to better impersonate firms. The scammers in the attack had used a convincingly forged deposit slip and check to trick staff.