ANNAPOLIS, Md. — Anne Arundel County government buildings will stay closed Monday, February 24, 2025, as officials address a cyber incident of external origin disrupting public services since Saturday. The county announced the closure Sunday at 7 p.m., emphasizing system security amid an ongoing probe. Telework-eligible employees are directed to use Google or internet-based platforms remotely, while emergency and essential staff must report as usual after consulting supervisors.
The incident surfaced Saturday, triggering a response from the Anne Arundel County Office of Information Technology, public safety officials, and cybersecurity experts. A 5 p.m. update that day confirmed its external source, though the full impact remains under evaluation. “We are committed to providing timely and accurate updates as more information becomes available,” the county stated, directing residents to its official social media pages. By Sunday, precautions escalated, with a 12:30 p.m. update noting, “The county is taking the most proactive approach to ensure our systems are safe. Precautionary measures include limiting access to the Internet until we are able to return to full operations.” Experts predict a multi-day recovery, with no timeline set.
The closure spares some services. Senior Activity Centers will open, though AARP tax preparation is canceled. The Department of Aging and Disabilities’ Customer Service Centers will close, but staff will handle calls at (410) 222-4257 for Information and Assistance and (410) 222-3500 for Veterans Services Coordination. Recreation and Parks facilities, including regional parks, will remain accessible, while recycling centers and the landfill shut down. Curbside collection continues as scheduled. Anne Arundel County Public Schools and the Public Library system, unaffected, will operate normally.
This isn’t the region’s first brush with cyber threats. In July 2021, Leonardtown, a small town in nearby St. Mary’s County, fell victim to a global ransomware attack targeting Kaseya VSA software, used by its IT provider, ICS. The attack, linked to the REvil gang, disrupted town operations, locking systems and prompting a $70 million demand in Bitcoin from affected entities worldwide. Leonardtown’s town administrator, Laschelle McKay, said then, “We are working with ICS and their forensic team to determine what, if any, information might have been compromised.” The county avoided payments by relying on backups, restoring services without ransom—a contrast to Anne Arundel’s current uncertainty.
Saturday’s initial statement thanked residents: “Thank you for your patience and understanding as we work diligently to resolve this issue.” Sunday’s closure reflects a shift to prioritize security, with officials tight-lipped on whether ransomware is involved here. The investigation continues, bolstered by lessons from incidents like Leonardtown’s, where external attacks exploited third-party software vulnerabilities. Anne Arundel’s multi-day projection suggests a complex challenge, though 911 and 311 remain operational.
Located near NSA headquarters, Anne Arundel’s incident resonates amid rising cyber threats. Leonardtown’s experience—part of a wave hitting 1,500 businesses globally—underscored local governments’ exposure. There, Kaseya urged users to shut down servers, a step Anne Arundel echoes with its internet restrictions. While no link between the incidents is confirmed, the parallel highlights the region’s ongoing battle with digital security.
