Golf Manor, Ohio, officials say a recent ransomware incident encrypted the village’s computer network and backups, and the council on Nov. 24 reviewed but did not approve a draft resolution that could authorize any ransom payment.
The village has not said when the incident occurred, only that it was recent. Public agendas and summaries for Nov. 10 meetings make no mention of a cyber incident.
A draft resolution prepared for the Nov. 24 meeting states that the village “became the victim of a cybersecurity ransomware attack which has completely encrypted their computer network including all available data backups.”
The same draft, labeled Resolution 2025-30, would allow the village, “upon the receipt of guidance and advice from third party experts,” to make a ransom payment in exchange for a decryption key for its backups and network. Officials described the document during the meeting as a recommendation from insurer-assigned counsel, not a final policy.
“The village did experience a cyber security incident. It’s called a breach, which did include ransomware,” Village Administrator Ron Hirth told council at the end of the Nov. 24 meeting. “The village is not at a stage where we have any interest whatsoever in paying this ransom.”
Hirth said the draft was written by an attorney provided through the village’s insurance carrier who is not licensed in Ohio and that the resolution language lacks some state-specific citations and local formatting. He told council he was “not necessarily recommending that that be passed tonight” and asked members to review it for possible action in December.
Although the draft posted on the village website includes a signature block and “PASSED this 24th day of November, 2025” language, council did not take a vote on it during the meeting. Council later entered executive session “for discussion of matters that must be kept confidential by federal law, federal rules or state statutes,” a category that can include certain cybersecurity records under Ohio’s new statewide law.
Officials have not publicly detailed which systems were affected beyond the statement that the computer network and “all available data backups” were encrypted. During the same meeting, Golf Manor Police Capt. Ryland Reed reported 421 calls for service in the prior month, most dispatched through Hamilton County communications, and did not describe any disruption to 911 or radio traffic.
Reed also noted difficulty getting documents into the village’s “emergency inbox” in real time and called it “quite a hassle,” though officials did not explicitly link that issue to the ransomware incident. There has been no public notice explaining whether resident records, police data or financial information were accessed or stolen.
Ohio’s new Section 9.64 of the Revised Code, effective Sept. 30, 2025, requires every local government to adopt a cybersecurity program and restricts ransom payments after a ransomware incident. Under 9.64(b), political subdivisions “shall not pay or otherwise comply with a ransom demand” unless their legislative authority formally approves the payment in a public resolution or ordinance that explains why it is in the entity’s best interest.
State guidance from the auditor’s office and Ohio’s cyber office also requires local governments to report qualifying cyber or ransomware incidents within seven days to the Ohio Cyber Integration Center and within 30 days to the auditor, using a standardized incident-reporting form. The law further exempts certain cybersecurity-related information from public records, which may limit how much detail Golf Manor can release about the technical investigation.
Hirth told council the insurer-assigned lawyer recommended adopting the ransomware resolution as a precaution even though village leadership has “no interest whatsoever” in paying a ransom at this stage. The resolution’s text contemplates a possible payment “for receipt of a decryption key” if third-party experts advise that is necessary to restore systems.
Ohio local governments have been under pressure to harden defenses after several high-profile ransomware incidents. Union County recently disclosed that attackers accessed its systems in May 2025, stole Social Security numbers and financial data, and affected more than 45,000 residents and employees in a ransomware attack that went unclaimed by any known group. Commentators and state officials have cited such cases as reasons for House Bill 96’s strict reporting and ransom-approval requirements.
Local governments across the state have been hit repeatedly in recent months. Mentor took its hosted servers offline in October after a cyberattack that briefly disrupted city phone lines, though 911 remained available. Urbana reported a Nov. 23 cyberattack that disrupted several municipal systems. West Chester Township saw two August incidents targeting its central email server, one later claimed by the PEAR ransomware group. Middletown has spent months recovering from an August cyberattack, widely described as ransomware, that crippled city systems and halted water-bill payments.
Golf Manor is an inner-ring Cincinnati suburb of about 3,800 residents in Hamilton County, covering roughly 0.57 square miles and operating its own police and public works while relying on a joint fire and EMS district.
Golf Manor has not posted a stand-alone cyber incident notice describing the ransomware event, impacted systems or any data exposure on its public news pages. Council is expected to revisit the ransomware authorization language after local counsel revises the draft to better align with Ohio law and village formatting. It is unclear whether the village plans to issue a broader public notice about the incident. Village officials did not respond to a request for information at the time of publication.