Ransomware Hits Local Law Enforcement in Oklahoma and Massachusetts

Local law enforcement agencies in Cleveland County, Oklahoma and the city of Attleboro, Massachusetts are responding to cyber incidents that disrupted internal IT systems but did not halt emergency services. In Cleveland County, the Sheriff’s Office disclosed a ransomware attack that impacted portions of its internal computer environment while deputies continued responding to 911 calls. In Attleboro, a separate cyberattack forced city and police IT systems offline, knocking out email across departments and shifting some processes to manual, paper-based workflows. These events reflect attackers’ ongoing focus on local governments and police departments, aligning with MITRE ATT&CK T1486 (Data Encrypted for Impact) and T1490 (Inhibit System Recovery). The Cleveland County Sheriff’s Office reported that county IT teams are working to resolve the ransomware incident and assess its full scope, with no ransomware group yet claiming responsibility. In Attleboro, officials stated that emergency dispatch remains operational but non-emergency phone lines and citywide email are currently unavailable, while City Hall staff fall back to offline payments and paper forms. Both jurisdictions are coordinating with cybersecurity experts and, in Attleboro’s case, federal agencies and cyber insurance providers to contain the incidents, investigate and restore systems. Operationally, the attacks highlight the fragility of local government IT and its criticality for public safety functions. Even when 911 and dispatch systems remain functional, loss of email, records systems and non-emergency channels slows response, complicates coordination with neighboring jurisdictions, and may delay court, administrative and citizen services. For law enforcement, ransomware can also affect access to case files, evidence systems and jail management tools, increasing the risk of procedural errors and legal challenges. Local agencies should treat these incidents as a call to strengthen cyber hygiene, segmentation and incident response readiness across public safety networks. Recommended steps include isolating dispatch and 911 systems from general IT domains, maintaining offline and immutable backups of records and evidence systems, and implementing MFA and endpoint protection on all administrative workstations and servers. Regional mutual-aid frameworks should incorporate cyber incident contingencies, ensuring that neighboring jurisdictions can help absorb call volume or host critical services if a police department or city hall is offline for an extended period.