LockBit Ransomware Attack on Clay County, Indiana: Impact and Detailed Analysis

Incident Date:

July 19, 2024

Overview

Victim

Clay County

Attacker

Lockbit3

Location

Brazil, USA

Indiana, USA

First Reported

July 19, 2024

LockBit Ransomware Attack on Clay County, Indiana: A Detailed Analysis

Overview of Clay County, Indiana

Clay County, Indiana, established in 1825 and named after American statesman Henry Clay, is a governmental body focused on providing essential services and governance to its residents. The county's official website, claycountyin.gov, serves as a portal for various governmental functions, community resources, and public services. The county is responsible for law enforcement, public health, infrastructure maintenance, and community development, making it a critical entity in the local governance landscape.

Details of the Ransomware Attack

On July 9, 2024, Clay County fell victim to a ransomware attack orchestrated by the LockBit group, resulting in significant disruption to several government services. LockBit claimed responsibility for the attack, alleging the theft of 103 GB of data, including PDF documents and images. The ransom deadline was set for August 4, 2024. The county confirmed the attack and declared a local disaster on July 11, extending the state of emergency to July 25 as recovery efforts continue. The attack has taken the county’s official website offline, prompting the establishment of a temporary site to keep residents informed. Several county agencies, including CASA, Child Support services, and the Circuit Court, have been closed or restricted, with some services set to reopen on July 22. The county is collaborating with law enforcement, government authorities, and cybersecurity experts from Mandiant to restore systems.

About LockBit Ransomware Group

LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The ransomware uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network.

Penetration and Impact

LockBit's ability to exploit vulnerabilities in RDP services and unsecured network shares likely facilitated its penetration into Clay County's systems. The attack has significantly impacted the county's operations, taking the official website offline and disrupting essential services. The county's reliance on digital infrastructure for governance and public services made it a prime target for such an attack. The ongoing recovery efforts, including collaboration with cybersecurity experts and law enforcement, highlight the severity of the incident and the county's commitment to restoring full operations.
