article featured image


The City of Wichita, Kansas, fell victim to a ransomware attack, prompting the shutdown of its network to prevent further damage.

The LockBit ransomware group has since claimed responsibility, adding the city to its list of targets on its Tor leak site and threatening to release stolen data.

How is Wichita managing the ransomware incident?

Following the security breach on May 5th, 2024, Wichita initiated an immediate response to stop the threat from spreading.

The city is collaborating with third-party security experts and both federal and local law enforcement to manage and contain the ransomware incident.

As part of these efforts, Wichita temporarily disabled certain online services to secure their systems before restoration, although no specific timeline for full recovery has been disclosed.

“We regret to report that certain online City services may be unavailable as we thoroughly review and assess an incident that affected some of our computer systems. As part of this assessment, we turned off our computer network. (…)

We are working with specialists to thoroughly review and assess systems before putting them back online.

Systems will be restored on a staggered basis to minimize disruptions. We do not have a definitive timeline for returning all systems to production.”

Security Breach Notification (source)

What do we know about the alleged attackers?

The city has opted not to disclose the specific ransomware family used or more details about the attackers, citing operational security reasons.

However, the Lockbit ransomware group claimed the attack and set a deadline for the ransom payment for May 15, 2024, explains Security Affairs.

a screenshot of a webpage from the LockBit 3.0 website displaying leaked data.The webpage indicates a ransom deadline of "15 May, 2024 16:02:52 UTC" for the City of Wichita

Lockbit Ransomware’s Claim (source)

This comes after the governments of Britain, the U.S., and Australia imposed sanctions on Dmitry Khoroshev, a senior leader of the LockBit cybercrime gang.

As per Reuters, this announcement came after significant investigative efforts led by Britain’s National Crime Agency, the U.S. Department of Justice, FBI, and Europol, which earlier disrupted the gang’s operations by hijacking its darkweb site.

These sanctions include asset freezes and travel bans for Khoroshev.

If you liked this piece, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

Leave a Reply

Your email address will not be published. Required fields are marked *