The city of Cocoa, Florida, is currently navigating a significant municipal IT disruption that has severely impacted local government operations. While city officials have officially described the incident as "technical issues," the ransomware group INC Ransom has claimed responsibility for the outage, listing the city as a victim on their dark web leak site as of February 23, 2026.Â
In response to the system failures identified on February 16, the City Council has issued an emergency declaration and expedited the allocation of resources for system restoration and forensic investigation. The disruption has impacted:
In some cases, residents are required to file paper applications in person at City Hall. City officials have emphasized that public safety remains uncompromised, with 911 dispatch and emergency operations continuing to function normally despite the broader network outage.
Meanwhile, INC Ransom added the city to its leak site and provided some leaked documents to substantiate the claims.
As the city of Cocoa works with technical partners to restore services, municipalities are increasingly targeted by ransomware operators.Â
The attack on Cocoa follows similar recent incidents in the U.S., including a January network disruption at New Britain City Hall and ransomware attacks in December against Leduc County and the City of Santa Paula.
INC Ransom also claimed to have breached energy and construction companies ACWA Power Saudi Arabia and Larsen & Toubro India, respectively, leaking data as proof.Â