Ransomware attacks on two municipal governments have been claimed by a notorious cybercriminal operation responsible for dozens of high-profile incidents in 2024. 

On Monday, the RansomHub operation took credit for damaging attacks on the city of Coppell, Texas, and the Minneapolis Park and Recreation Board. 

Both organizations have reported widespread technology issues in recent weeks that caused significant problems for local residents. 

The city of Coppell — home to more than 40,000 people and located about 30 minutes north of Dallas — released public notices of technology issues on October 23. The city said it was “experiencing an outage with our internet and several other systems across the City” making several systems unavailable.

WiFi at city facilities was brought down by the attack alongside library services, platforms for permits and inspections, and Municipal Court operations. 

City government phone systems were restored by November 1 but local libraries were not back up and running until November 15. Platforms for utility bills were restored on November 14 but the city extended payment deadlines and said no late fees or service shut offs would occur. 

Several other city operations were reopened by November 20. City Manager Mike Land said that data on one server “may have included partial, and potentially outdated, individual and vendor information.” 

“We understand our responsibility to protect the information we receive and maintain, and we are working diligently to investigate, resolve this incident, and assist those impacted,” said Land.

The city added that it “will continue to learn more about the incident, its root cause, and who specifically may have been impacted.”

Coppell is just the latest city in Texas affected by a cyberattack, following recent incidents involving Dallas, Fort Worth, Richardson and others. 

In Minneapolis: ‘unfortunate’ incident

The other incident claimed by RansomHub was addressed last week by the Minneapolis Park and Recreation Board. The agency has existed since 1883, managing 7,059 acres of parkland and water used by 30 million visitors each year.  

The board recently warned city residents that its technology systems “were attacked by an unknown person or persons” last Wednesday. 

“The MPRB ITS department immediately took action to prevent further impacts. MPRB phone lines are down and MPRB staff are working to determine what information may have been breached/accessed,” the organization said. 

“The MPRB is alerting the public that their technology systems were attacked, they are experiencing a system-wide phone outage, and they are working to resolve this issue as soon as possible. For any calls that require a Park Police or Minneapolis Police response, the public should call 911. It is unfortunate that these types of cyber-attacks are now common throughout the private and public sectors.”

Minneapolis was impacted by a ransomware attack on its school system last year in a high-profile incident that exposed sensitive student information to the dark web. 

In addition to the Texas and Minnesota incidents, RansomHub said on Monday that it had attacked two U.S. schools.

The group has quickly taken the place of other defunct cybercriminal operations this year launching hundreds of attacks on airports, healthcare organizations, manufacturing companies and critical infrastructure. 

In August, U.S. law enforcement agencies said about 210 organizations had been victimized by the group since February. 

The group initially emerged in the aftermath of the ransomware attack on UnitedHealth Group — which involved information on nearly a third of all Americans. When another ransomware gang folded due to law enforcement action, the hackers turned to RansomHub, which offered the data for sale.

Since then the group has taken credit for several high-profile attacks on telecom giant Frontier, Rite Aid, British auction house Christie’s, the city of Columbus, Ohio and one of the oldest credit unions in the U.S.