BROWNSTOWN — The Jackson County Sheriff’s Department is facing a long road to recovery after a devastating ransomware attack paralyzed its entire digital infrastructure last week.
The breach, which officials believe originated from a malicious email, forced the department to wipe its systems and begin an exhaustive restoration process from scratch.
Lt. Adam Nicholson confirmed that the agency has maintained a strict “no-ransom” policy, opting to rebuild rather than fund the cybercriminals. “We pretty much have to start up from the ground up again,” Nicholson stated.
The attack effectively turned off the lights on the department’s modern capabilities. With the internal network, Wi-Fi, and all desktop computers inaccessible, law enforcement operations have reverted to manual workarounds:
County dispatchers have been operating out of the Seymour Police Department, using their systems to ensure emergency calls are still answered.
Officers have been forced to write police reports in basic Microsoft Word documents or on paper, as the centralized filing system remains offline.
IT support is currently in the process of wiping every affected device and replacing hardware that was “corrupted so bad it won’t be able to be used again.”
One of the most concerning aspects of the breach is the potential loss of critical records. Lt. Nicholson, who coordinates the Jackson County Sex Offender Registry, noted that it remains unclear if data stored on external hard drives will be recoverable.
The registry is a vital public safety tool used to track the residence and employment of convicted offenders. If the local files are unrecoverable, the department may face a significant administrative hurdle in reconstructing the database, though state-level backups typically exist through the Indiana Department of Correction.
The Anatomy of the Attack: The “Dormant” Virus
Investigators believe the malware entered the system via a phishing email. According to Nicholson, the virus appeared to be programmed with a “dormant” phase, sitting quiet for a day or two to bypass immediate detection before activating.
Once active, the ransomware moved laterally through the network. “It just went from one computer to the next… and just started tearing everything up,” Nicholson described.
Law enforcement agencies are increasingly targeted by “Ransomware-as-a-Service” (RaaS) groups. Because these agencies rely on time-sensitive data for public safety, hackers believe they are more likely to pay a ransom to restore order quickly.
Despite the disruption, local leaders expressed confidence in the recovery efforts. Jackson County Commissioners praised the cooperation between local, state, and federal partners.
The Sheriff’s Office hopes to have its primary report-filing system back online by this week.
