LockBit 3.0 Ransomware Attack on City of Wichita
Incident Date:
May 8, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on City of Wichita
Victim
City of Wichita
Attacker
Lockbit3
Location
First Reported
May 8, 2024
Ransomware Attack on City of Wichita by LockBit 3.0
Victim Profile
The City of Wichita, the largest city in Kansas, with a population of over 390,000, was targeted by the LockBit 3.0 ransomware group. The city operates in the Government sector, providing various services, information, and resources for residents and visitors.
Company Standout
Wichita is known for its strong aerospace industry, with major employers like Spirit AeroSystems and Textron Aviation. The city also boasts a thriving entrepreneurial ecosystem, offering a high quality of life for its residents.
Attack Details
In the cybercrime incident targeting the City of Wichita's website, the LockBit 3.0 ransomware group infiltrated the systems, encrypting files and demanding a ransom for decryption. The ransomware is known for its advanced capabilities, making it difficult for security researchers to analyze and defend against.
Company Vulnerabilities
Being a large government entity, The City of Wichita, may have been targeted by threat actors due to the sensitive nature of the data it holds. Government organizations are often prime targets for ransomware attacks due to the critical services they provide and the valuable information they possess.
LockBit 3.0 Ransomware Group
The LockBit 3.0 ransomware group, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. Known for its advanced capabilities, including file encryption, desktop modifications, and lateral movement within networks, LockBit 3.0 is considered one of the most dangerous ransomware threats currently active.
LockBit May Attacks
LockBit 3.0 resurfaced in May 2024 following the disruption of its infrastructure in February during "Operation Cronos." Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach highlight the challenges in combating cybercrime effectively.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.