An apparent cyberattack prompted Anne Arundel County to close government buildings Monday.

The county said in a news release that “an ongoing cyber incident of external origin impacting public services” led officials to close county buildings.

A county spokesperson declined to answer questions, citing an ongoing investigation into the incident.

“It sounds like, in very simple parlance, they got attacked. They got hacked. What it could be, we don’t know yet,” said Dr. Richard Forno, assistant director of the University of Maryland, Baltimore County’s Cybersecurity Institute.

While it’s unclear exactly what type of cyberattack struck Anne Arundel, Forno added, “I suspect it could be some kind of ransomware attack. Local governments, in particular, are more susceptible to ransomware attacks.”

In a ransomware attack, hackers infiltrate a system, encrypt, or lock, the data and demand payment to unlock the information, according to Forno.

The county said in a news release that it is “taking precautionary measures to ensure the safety of our systems. This includes limiting access to the internet and some systems until we are able to return to full operations.”

Officials are working with the the county IT department, law enforcement, cybersecurity specialists and each department to investigate the attack, according to the release.

“At this time, the full scope of impact is still being determined,” the county said.

Officials said employees who are able to telework are expected to work remotely, while “emergency and essential employees” are expected to report for duty as usual. All employees, according to the release, “should consult with their supervisors to determine appropriate work assignments based on IT systems availability.”

While county buildings are closed, several government services will go forward.

Curbside trash and recycling services will continue as scheduled, despite the county landfill being closed. All Department of Recreation and Parks venues, including regional parks, are open.

Neither Anne Arundel County Public Schools or the county’s library system were impacted by the cyberattack.

It’s unclear how long it will take the county to recover from the attack.

“[In] cybersecurity incidents, the damage happens very quickly,” Forno said. “The time to investigate, remediate and recover, can take days, maybe months at times.”

Forno pointed to the 2019 ransomware attack on Baltimore, which disrupted city government for months.

“We just really don’t know yet how widespread this incident is and therefore we don’t know how long it would take to recover from or what the cost to recover would be,” Forno said. “Cyber incidents are not cheap.”

Forno said it’s critical for county governments to keep up to date on cybersecurity practices. Simple measures such as maintaining strong passwords, ensuring systems are properly secured with software and backing up data can make it much harder for hackers.

Still, Forno said, “you’re never going to achieve 100% security. It’s a noble goal, but you’re never going to get there.”

This article has been updated to correct the name of the UMBC Cybersecurity Institute.