More than 40 US city and county governments were hit by ransomware attacks in the first four months of 2026, disrupting services including 911 dispatch, tax collection, permitting, and court systems. Several smaller municipalities have faced choices between paying ransoms measured in hundreds of thousands of dollars or rebuilding their entire IT infrastructure from scratch, with rebuilding costs often exceeding ransom demands.
The attacks on local governments are particularly damaging to public trust and service delivery because municipalities cannot shift operations to backup systems with the flexibility of private companies. Several affected cities are now pooling cybersecurity resources through regional cooperative arrangements that give smaller jurisdictions access to security operations center monitoring and incident response capabilities they could not afford individually.
