When ransomware paralyzes a city
On March 20, 2026, Foster City (California, ~35,000 residents) declared a state of emergency after detecting suspicious activity on its computer systems. Nearly all municipal systems were taken offline, paralyzing public services for over a week.
Service impact
Permits and authorizations, online payment systems, municipal email, police administrative systems (911 remained operational), library lending, and all administration forced back to paper processes.
Why municipalities are ideal targets
- Insufficient security budget: no EDR, SIEM, or SOC teams
- Legacy infrastructure: obsolete OS, delayed updates
- Low downtime tolerance: pressure to pay ransom for quick restoration
- Sensitive data: personal information on all residents
The real cost
Beyond potential ransom: remediation consultants, weeks of degraded productivity, delayed resident services, crisis communications, and breach notification compliance.
Lessons for municipalities
- Business continuity plan: document manual fallback processes for each critical service
- Immutable backups: test restoration regularly, store backups offline
- Network segmentation: critical services (police, fire) on isolated segments
- Training: municipal employees are the first line of defense
- Cyber insurance: evaluate coverage needs
Recommended reading
These are affiliate links. If you make a purchase through these links, we may earn a commission at no extra cost to you.
- Cybersecurity Essentials: accessible, ideal for IT teams with limited resources.
- CompTIA Security+ SY0-701: practical security plans for small and medium organizations.
Sources
- Foster City State of Emergency - For The People
- March 2026 Data Breaches - SharkStriker
Advertisement