City of Cocoa Declares Emergency After Ransomware Attack Disrupts City Services

A cyberattack incapacitated important government information systems in the City of Cocoa in Florida’s Atlantic Coast, leading the city to declare a state of emergency due to continuous serious “technical problems.”

A cybercriminal group by the name INC Ransom accepted being responsible for the attack and has added the City of Cocoa to its leak site on the dark web. On February 23, INC Ransom posted the name of the city along with proof of the attack in the form of some leaked documents.

Experts in security say that this information leads them to believe that the disruption is a ransomware incident in which the hackers have locked up computer systems and demand payments in order to restore access to those systems.

How the Attack is Affecting Everyday City Services

The City Council has issued an emergency declaration, allowing the city to quickly obtain funds and resources for the recovery of systems and a complete forensic investigation of the systems. Residents are experiencing the effects of the attack firsthand and are highly frustrated.

The attack impacted the following key services:

• Cash payments cannot be processed because the water billing systems are offline.
• Online customer service requests, such as turning water service on or off, are not working.
• Residents can only submit paper applications in person at City Hall to receive a majority of services.

These disruptions mirror those seen in the Istanbul City app breach, where millions of residents lost access to essential municipal services and had their private data exposed, a stark reminder that when city systems fall, citizens pay the price in lost time, privacy, and peace of mind.

However, City leaders have communicated to the public that emergency services have not experienced disruptions. All emergency services, the 911 dispatch center, are fully functional; however, the City’s overall network has been compromised.

Keeping the 911 and other emergency services lines open is typically the highest priority to both the City and the hackers in these types of cyberattacks.

Why Small Cities are Becoming Prime Targets

The attack on Cocoa is not an isolated event. It appears that there is a trend of increasing attacks on municipal governments by cyber criminals. Recently, attacks on municipal governments have occurred throughout North America, an attack on the New Britain City Hall network in January and ransomware attacks in Leduc County, Canada, and in the City of Santa Paula, California, all in December last year.

Small- and medium-sized cities are an ideal target because they hold a large amount of highly sensitive data regarding their citizens and deliver critical services. However, they have a much lower level of IT expenditures and cybersecurity staff compared to large companies.

As a result, the Cybersecurity and Infrastructure Security Agency (CISA) notes that local governments face extreme risk when a cyberattack brings water billing or permitting systems to a halt, because it creates chaos and thus demands a greater incentive for officials to pay the ransom.

The Hacker Group Behind the Attack

INC Ransom is behind the attacks and has focused on many well-known companies worldwide. They operate like a business, first stealing sensitive data, then encrypting it and threatening to publish it if the victim refuses to pay the ransom.

Recently, they have announced that they attacked some of the largest energy and construction companies, like ACWA Power (Saudi Arabia) and Larsen & Toubro (India), and leaked the stolen information on their dark web platform. Security analysts who follow these hacker groups have indicated that INC Ransom has become more active during the past twelve months.

This incident serves as a clear indication of attacks on our online systems. It reflects how fragile the digital infrastructure is in today’s community. For municipal governments, the risk of a catastrophic ransomware attack is now here, not down the road.