LockBit 3.0 Ransomware Attack on City of Wichita

Incident Date:

May 8, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on City of Wichita

Victim

City of Wichita

Attacker

Lockbit3

Location

Wichita, USA

Kansas, USA

First Reported

May 8, 2024

Ransomware Attack on City of Wichita by LockBit 3.0

Victim Profile

The City of Wichita, the largest city in Kansas, with a population of over 390,000, was targeted by the LockBit 3.0 ransomware group. The city operates in the Government sector, providing various services, information, and resources for residents and visitors.

Company Standout

Wichita is known for its strong aerospace industry, with major employers like Spirit AeroSystems and Textron Aviation. The city also boasts a thriving entrepreneurial ecosystem, offering a high quality of life for its residents.

Attack Details

In the cybercrime incident targeting the City of Wichita's website, the LockBit 3.0 ransomware group infiltrated the systems, encrypting files and demanding a ransom for decryption. The ransomware is known for its advanced capabilities, making it difficult for security researchers to analyze and defend against.

Company Vulnerabilities

Being a large government entity, The City of Wichita, may have been targeted by threat actors due to the sensitive nature of the data it holds. Government organizations are often prime targets for ransomware attacks due to the critical services they provide and the valuable information they possess.

LockBit 3.0 Ransomware Group

The LockBit 3.0 ransomware group, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. Known for its advanced capabilities, including file encryption, desktop modifications, and lateral movement within networks, LockBit 3.0 is considered one of the most dangerous ransomware threats currently active.

LockBit May Attacks

LockBit 3.0 resurfaced in May 2024 following the disruption of its infrastructure in February during "Operation Cronos." Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach highlight the challenges in combating cybercrime effectively.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.