Bernalillo County in New Mexico has recently suffered a ransomware attack. The attack subsequently caused the nearby Metropolitan Detention Center (MDC) to lockdown. With no internet connection, the MDC could not use automatic doors, security systems, or data systems, including the Incident Tracking System (ITS), a system where incident reports are created and stored, and the Offender Management System (OMS), a system housing prisoner account data. These systems were rendered inaccessible and were suspected to be corrupted. For safety reasons, inmates were stuck in their cells until the situation was under control. In addition, no visitors were allowed in the jail, including lawyers and family, which left some saying the situation violated the inmates’ constitutional rights.
Bernalillo County has taken steps to mitigate the issue and have asked for federal assistance as well. It is unclear who is behind the attack at this time, but more information should be revealed in the coming weeks. The county should consider adopting a defense-in-depth strategy moving forward to help better protect their systems and their data.