Skip to main content

A ransomware attack took a New Mexico jail offline, leaving inmates in lockdown

A ransomware attack took a New Mexico jail offline, leaving inmates in lockdown


The attack knocked out security cameras and automatic doors in the detention center in Bernalillo County, triggering a crisis response

Share this story

Illustration by Alex Castro / The Verge

A ransomware attack last week has left an Albuquerque area jail without access to its camera feeds and rendered automatic door mechanisms unusable. Inmates have been confined to their cells as a result, while technicians struggled to bring systems back online.

As first reported by Source New Mexico, visitor access to the Metropolitan Detention Center was completely suspended as the jail was put into lockdown. All internet services at the jail were also knocked offline, leaving staff unable to look up inmate records.

All county internet services at the jail were also knocked offline, leaving staff unable to look up inmate records

Based on the lack of camera coverage, all inmates within the facility were placed on lockdown from the morning of January 5th. Further, according to an emergency notice filed by the county, the incident tracking database containing all reports of fighting, use of force, and allegations of sexual assault was not available and is believed to be corrupted by the attack.

“In the early morning of January 5, 2022, the automatic door mechanisms at MDC were unusable, meaning that staff had to use keys to manually open facility doors,” wrote Taylor Rahn, an attorney for the county, in a court notice related to the lockdown. “One of the most concerning impacts of the cyber attack is that MDC is unable to access facility cameras. As of the evening of January 5th, there was no access to cameras within the facility.”

The detention center was just one point of impact in a larger ransomware attack that struck Bernalillo County, the most populous county in New Mexico, on January 5th. County employees were left unable to access any local government databases, and all public offices were temporarily closed. A press release dated January 10th noted that county office headquarters were still only partially re-opened.

The unexpected lockdown put the jail in potential violation of the terms of a settlement in a lawsuit over conditions of confinement, forcing Bernalillo County to file an emergency notice in federal court. A settlement agreement from a 1995 lawsuit required county jails to adopt new protocols in response to broader complaints about overcrowding and other conditions, including a guarantee that inmates are given regular access to telephones and other communications devices.

But the total failure of the jail’s internal computer network could force the facility to violate that agreement.

“[L]imited out of cell time may have an impact on inmates’ ability to access telephones and tablets,” the emergency filing says. “Further, depending on the length of the impact of the attack, County Defendant may be unable to gather data required by the Settlement Agreement.”

Contacted by telephone, Rahn’s office said she was not immediately available for comment. Email and voicemail messages sent to Bernalillo County officials had not been answered at time of press.

Ransomware is increasingly seen as one of the top threats facing both private businesses and government institutions across the US. Last year the Department of Justice created the Ransomware and Digital Extortion Task Force to coordinate information sharing between DOJ divisions and with outside agencies, signaling a new approach to tackling the problem. Nonetheless, reports from the US Treasury estimate that ransomware payouts for 2021 will still top all previous records.

Correction: An earlier version of the story stated that the cyberattack’s impact on the jail was first reported by the Albuquerque Journal. In fact, Source New Mexico broke the news. We regret the error.