Ransomware Attack Disrupts City of Coon Rapids Services and Exposes Data

Incident Date:

June 29, 2024

World map



Ransomware Attack Disrupts City of Coon Rapids Services and Exposes Data


City Of Coon Rapids


Inc Ransom


Coon Rapids, USA

Minnesota, USA

First Reported

June 29, 2024

Ransomware Attack on City of Coon Rapids by INC Ransom

Overview of the City of Coon Rapids

The City of Coon Rapids, located in Anoka County, Minnesota, is a significant municipal entity within the Minneapolis–Saint Paul metropolitan area. With a population exceeding 62,000, it is the sixth-largest city in the state. Incorporated in 1952, Coon Rapids provides a comprehensive range of services to its residents, including public safety, public works, community development, parks and recreation, environmental services, administrative services, community services, and public information. The city is known for its extensive park system, featuring over 60 parks and 35 miles of trails, and the Coon Rapids Dam Regional Park along the Mississippi River.

Details of the Ransomware Attack

On July 1, 2024, the City of Coon Rapids fell victim to a ransomware attack orchestrated by the notorious INC Ransomgroup. The attack was publicly claimed by the group on their dark web leak site. While the exact size of the data leak remains undisclosed, The group has estimated the city's revenue at $40.9 million, indicating the potential scale of the breach. The attack has raised significant concerns about the security of municipal services and the potential impact on the city's operations and residents.

About INC Ransom

INC Ransom is a highly sophisticated cybercriminal group known for its targeted ransomware attacks on various sectors, including healthcare, education, government entities, and technology companies. The group employs advanced techniques such as spear-phishing campaigns, exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler, and using both Commercial Off-The-Shelf (COTS) software and legitimate system tools for reconnaissance and lateral movement within networks.

Potential Vulnerabilities and Attack Penetration

The City of Coon Rapids, like many municipal entities, operates a complex network of services and systems, making it a lucrative target for ransomware groups. Potential vulnerabilities could include outdated software, insufficient cybersecurity measures, and a lack of employee training on recognizing phishing attempts. INC_RANSOM likely penetrated the city's systems through a combination of these vulnerabilities, leveraging their expertise in exploiting known software flaws and conducting sophisticated phishing campaigns to gain initial access. Once inside, the group would have used legitimate system tools to move laterally within the network, identifying and exfiltrating sensitive data before deploying their ransomware payload.

Impact on the City of Coon Rapids

The ransomware attack on the City of Coon Rapids has significant implications for the city's operations and its residents. Public safety services, including police and fire departments, public works, community development, and other essential services, could be disrupted. The potential exposure of sensitive data also raises concerns about privacy and the security of personal information. The city will need to undertake extensive efforts to recover from the attack, including restoring systems, enhancing cybersecurity measures, and addressing any data breaches.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.