The alarming pace at which we keep getting the news of ransomware attacks gives a feeling that it has already gone out of control. Though there are guidelines to the enterprises the legal mandate with regards the breach communication to the regulatory agency, there is no mandate as to what they are legally bound to make known to the concerned / public and how fast. In its absence the enterprises take their own sweet time to make the breach public. Lack of information or its need based sharing once again plays in the hands of the ransomware gangs.To cut the long story short, the victim enterprise and the investigative agency have a torrid and nothing much comes out of it.
What a weird story and it happens every time. Is this the new normal or the normal? The city systems were breached on October 31, 2024 and the news report dated 27th May 2025 talks of it. What is the fate of the local self government, it happened a few years back with a few of these. The Wisconsin city of Sheboygan warned about 67,000 people that a ransomware attack in October 2024 gave hackers access to their personal information. The breach notification letters were filed only on Friday, what purpose does it serve. It can also happen to a large number of local self governments or enterprises and you would come to know of it only after a few months.
It is a vitiated breach communication / reaction / sharing and remediation ecosystem. Officials of the city had hired a cyber security firm that concluded on May 14, 2025, that the data was stolen. Sheboygan has previously acknowledged that a ransomware gang had taken credit for the attack, but there was no evidence that the hackers stole sensitive data. In November itself, just after the hack by a gang called Chort, which had shared a list of file archives and demanded a ransom, the incident was reported to law enforcement and in a crazy laid back approach they were “incorporating their guidance,” in their response to the incident.
It was not limited to this particular town. Sheboygan is one of the several government bodies in Wisconsin to be targeted by ransomware gangs over the last two years. Inspite of the the rampant nature of attacks in that area, the response under the given circumstances cannot be called professional. Chort has claimed to have hacked multiple state institutions including Kuwait’s Public Authority of Agriculture and Fish Resources, a public school in Georgia and others. New York’s Hartwick College was also named on the gang’s leaked site. Breached in October 2024, as per the breach notification letters to more than 4800 victims.
TREATING RANSOMWARE ATTACK AS A NORMAL CYBER CRIME CAN LEAD US INTO PRECARIOUS AND UNMANAGEABLE SITUATIONS.
Sanjay Sahay
Have a nice evening.