The City of Wichita, Kansas, fell victim to a ransomware attack, prompting the shutdown of its network to prevent further damage.
The LockBit ransomware group has since claimed responsibility, adding the city to its list of targets on its Tor leak site and threatening to release stolen data.
How is Wichita managing the ransomware incident?
Following the security breach on May 5th, 2024, Wichita initiated an immediate response to stop the threat from spreading.
The city is collaborating with third-party security experts and both federal and local law enforcement to manage and contain the ransomware incident.
As part of these efforts, Wichita temporarily disabled certain online services to secure its systems before restoration, although no specific timeline for full recovery has been disclosed.
“We regret to report that certain online City services may be unavailable as we thoroughly review and assess an incident that affected some of our computer systems. As part of this assessment, we turned off our computer network. (…)
We are working with specialists to thoroughly review and assess systems before putting them back online.
Systems will be restored on a staggered basis to minimize disruptions. We do not have a definitive timeline for returning all systems to production.”
Security Breach Notification (source)
What do we know about the alleged attackers?
The city has opted not to disclose the specific ransomware family used or more details about the attackers, citing operational security reasons.
However, the LockBit ransomware group claimed the attack and set May 15, 2024, as the deadline for the ransom payment, according to Security Affairs.
Lockbit Ransomware’s Claim (source)
This comes after the governments of Britain, the U.S., and Australia imposed sanctions on Dmitry Khoroshev, a senior leader of the LockBit cybercrime gang.
According to Reuters, this announcement came after significant investigative efforts led by Britain’s National Crime Agency, the U.S. Department of Justice, the FBI, and Europol, which earlier disrupted the gang’s operations by hijacking its dark web site.
These sanctions include asset freezes and travel bans for Khoroshev.