In late March 2026, the Jackson County Sheriff’s Office — based in Brownstown and responsible for policing Seymour and surrounding areas — suffered a ransomware attack that shut down its entire internal network.

Computers, Wi-Fi, and the department’s online police-report filing system were all encrypted and taken offline at once. Dispatchers were forced to temporarily operate from Seymour Police Department computers, while deputies fell back to writing reports in Microsoft Word or on paper. Federal and state partners (FBI, DHS, Indiana DHS) joined the investigation. The attack was not unusually “sophisticated,” investigators noted — but the county’s defenses were almost non-existent.

The attack vector: phishing, dormancy, and lateral movement

According to public statements from Jackson County Sheriff’s Lt. Adam Nicholson, the ransomware likely entered through a single malicious email. The malware appeared to include a “dormant” phase, sitting quietly on the first infected machine for about a day or two before activating, then spreading laterally across a flat, unsegmented network with no modern email sandboxing or endpoint detection in place.

Systems taken down — from 911 dispatch to the sex-offender registry

The impact wasn’t just “websites down.” The ransomware hit operational infrastructure: dispatch and 911-adjacent systems, the centralized police-report filing system, and records and sensitive data including files tied to the Jackson County sex-offender registry coordinated by Lt. Nicholson on external hard drives. Officials have not stated that data was leaked, only that recovery was uncertain.

No ransom paid — but a hidden tax

Jackson County opted not to pay any ransom, choosing instead to wipe affected computers, replace compromised hardware, and rebuild on fresh infrastructure. That meant lost time and productivity, increased reliance on Seymour PD systems and manual workarounds, and long-term IT-overhaul costs that will show up in county budgets but rarely get headline treatment. For a small county like Jackson, that’s a quiet tax on public safety: money spent fixing preventable failures instead of upgrading patrol, training, or mental-health co-responders.

Why this isn’t just a “server problem”

The Jackson County attack is symbolic of a larger pattern: rural and small-town governments are easy targets for cybercrime. Many counties run on unpatched, years-old operating systems, flat networks, limited cybersecurity staff, and “good enough” practices that fail when a real adversary hits. Ransomware-as-a-service gangs don’t need nation-state tools — they just need one weak link in the email chain.