Ransomware Gang Genesis Targets City of Hart, Michigan, in Latest Cyberattack Over the weekend, the ransomware group Genesis added the City of Hart, Michigan, to its data leak site, claiming to have stolen 300 GB of data and threatening to publish it within six days unless ransom demands are met. In a February 24, 2026, public meeting, the city acknowledged a "possible data incident" and confirmed that IT providers were investigating the breach while resetting all user passwords. A subsequent statement to Comparitech revealed that an unauthorized third party had accessed a limited portion of the city’s network. The city has engaged external cybersecurity experts to secure its systems and determine the scope of the breach, though it has not yet confirmed Genesis’ claims. Additional monitoring and security measures have been implemented while the investigation continues. Genesis, which emerged in October 2025, has been linked to 49 attacks, with six confirmed by victims. The group employs a double-extortion tactic, encrypting systems and exfiltrating data before demanding payment for both a decryption key and the deletion of stolen files. So far in 2026, Genesis has claimed 23 victims, with the Hart attack marking its second confirmed strike this year. The incident is part of a broader surge in ransomware attacks on U.S. government entities. In 2025, there were 86 confirmed attacks, while 2026 has already seen six, including a recent breach of Huntington, West Virginia, by the Termite ransomware gang. Other recent targets include the Warren County Sheriff’s Office (December 2025, claimed by RansomHouse) and the North Central HIDTA, a federal program hit by DragonForce in November 2025, with 1.48 TB of data allegedly stolen. The City of Hart, a small community of 2,300 residents near Lake Michigan, has not yet disclosed whether personal or sensitive data was compromised. If confirmed, the city has stated it will follow applicable notification requirements.

Warren County Loses $3.3M in Sophisticated Supply Chain Scam Warren County, New York, fell victim to a $3.3 million fraud scheme after scammers sent two fraudulent invoices to the county treasurer’s office in December. The invoices, sent 10 days apart, appeared legitimate, mimicking a vendor the county had previously worked with. Unaware of the deception, county officials authorized electronic transfers totaling the full amount. Cybersecurity expert Paul Tracey, a Warren County resident, identified the incident as a supply chain attack—a growing tactic where criminals impersonate trusted vendors to manipulate payment details. Tracey noted that such scams are often preventable with proper verification policies, emphasizing that 98% of these attacks could be avoided with stricter protocols. The incident has sparked a criminal investigation, with local officials and residents expressing concern over the breach. While some taxpayers, like Jackson Donnelly, urged caution rather than outrage, Tracey warned that the attack underscores a broader vulnerability: even well-resourced organizations in rural areas are prime targets for cybercriminals. The case serves as a stark reminder of the risks posed by increasingly sophisticated financial fraud schemes.