Wexford County woke up to a ransomware attack before dawn on Election Day 2024. County computers went dark, phones and email failed in key offices, and the Register of Deeds was crippled. A year later, most systems are back, but the people who helped rebuild them say the experience still keeps them up at night.
The attack began early on Nov. 5, 2024, when the county’s network protection system flagged suspicious activity at about 5:30 a.m. County Administrator Joe Porterfield said he was notified right away and called the county’s IT team, prompting an emergency shutdown of county systems.
“We completely disconnected from the internet. We only had a pinhole of internet traffic, so we could monitor all the services and software to find out what they encrypted and what they didn’t,” Porterfield told the Cadillac News.
The county brought in outside cybersecurity specialists and asked for help from the FBI, the Michigan State Police and the Michigan Cyber Civilian Corps. A ransomware group known as Embargo claimed responsibility and posted about the incident online, falsely asserting that county election systems had been compromised. Officials later confirmed that election data stayed secure. The county’s 911 system, which runs on an independent network, remained fully functional throughout the attack.
The most serious damage landed on the Register of Deeds. The system stores property records, land transactions and other real estate documents that underpin everyday life in the county. According to Porterfield, about ten years of index data was destroyed. The underlying images still existed, but without the index that links names, parcels and document numbers, routine title searches became almost impossible. Real estate closings stalled for months.
Register of Deeds Roxanne Snyder told the Cadillac News she learned in the first week or two of December that the core data was corrupted.
“When you hear you’ve had a cyberattack, you hold your breath,” Snyder said. “The first week or two in December, I was notified that it wasn’t looking good, our data was corrupted. That was a pretty sick feeling. There were lots of sleepless nights trying to figure out what to do next.”
With live systems broken, Snyder’s office turned to older backups. The county still had decades of microfilm stored in vaults and underground facilities, covering records from 1976 through 2016. Working with Tyler Technologies and US Imaging Inc., the county sent that film out to be scanned and converted into digital files that could feed a new land records platform.
“We had a backup in the vault from 1976 to 2016 and that was huge,” Snyder said. “We sent that to Tyler Technologies to see if they could use that, thinking it shouldn’t be a problem.”
She worried that a 2016-era export might not mesh with the 2024 and 2025 version of the software the county needed after the attack. Engineers were eventually able to make it work, and the county used that base plus other sources to rebuild more recent records.
When the reconstruction work was complete, Snyder said the county had restored records through Aug. 13, 2024. Getting back to normal service still took months. By late February 2025, the Register of Deeds could once again record new documents. In-person searching resumed on April 15, although public access was initially limited to records dated on or before Aug. 13, 2024. Online search returned in late July, and full system functionality gradually followed through the summer.
Behind those milestones was a large volume of manual verification. Snyder said her office still had about 50,000 documents to check even after systems came back up, and staff had to do that work alongside their regular daily duties. She estimated that less than 5 percent of Register of Deeds documents from Aug. 14 through Oct. 30, 2024, remained unrecovered at the one-year mark. Out of more than 3,000 missing records, she said the office had worked that figure down to 59 by coordinating with the Treasurer’s Office, local title companies, attorneys and other agencies.
“It has made a huge impact and is still impacting the office,” Snyder said. “Here we are at a year and we are still not fully up.”
The county board approved about 275,000 dollars in February to rebuild the system. The spending covered new cloud-based software, scanning and restoration work, and additional security infrastructure. Porterfield said moving county applications, including finance and register systems, into cloud environments was a key part of the recovery effort.
“There’s much more robust backup capability now,” he said. “Information is stored and backed up in multiple locations. It’s more secure for the community, and it also allows us to work from anywhere if there’s ever another disruption.”
Porterfield and Snyder both said the incident permanently changed how the county thinks about cybersecurity. Staff now receive more intensive cyber training. New systems are monitored around the clock. County leaders say they have a clearer sense of how a single attack can ripple through local government and into residents’ lives.
“I believe we are in a much better place today than we were then. We are doing everything we can to monitor and we continue to improve,” Porterfield said.
Snyder agreed but said the cost in stress and time was real.
“I feel much better about it now and we are in a much better place now if something like this were to happen again. I don’t want to have to go through that again,” she said. “You lose a lot of sleep.”
Wexford County has not released a detailed public forensic report on the attack or said whether the Embargo group successfully stole data. Officials have previously said they would notify individuals if personal information was confirmed compromised. The Register of Deeds website now directs residents to a Tyler-hosted portal for online searches, and in-person research is available at the office while staff continue to reconcile the last gaps in the record set.
For this story, Wexford County Administration and the county’s IT managed service provider did not respond to requests for comment.
One year after the breach, the Register of Deeds office is mostly back to normal. The outage and the long months that followed left their own kind of record, written in emergency shutdowns, board votes, cloud migrations and the memory of what it felt like when the quiet systems behind property ownership and local government suddenly stopped working.
.jpg){kind=link}