lockbit2 attacks Colona City Hall

Incident Date:

June 4, 2022

World map

Overview

Title

lockbit2 attacks Colona City Hall

Victim

Colona City Hall

Attacker

Lockbit2

Location

Colona, USA

Illinois, USA

First Reported

June 4, 2022

Colona City Hall Targeted by LockBit2 Ransomware Group

Colona City Hall has been targeted by the LockBit2 ransomware group, as announced on their dark web leak site. The city operates in the Government sector and has a website at https://www.colonail.com/. The city's website provides information on various services, including hydrant flushing, yard waste pick-up, and utility rate changes.

Company Size and Industry Standing

Colona City Hall is a local government entity, and its size and industry standing are not explicitly mentioned in the search results. However, it is part of the Government sector, which is a significant target for ransomware attacks due to the sensitive nature of the data they handle.

Vulnerabilities and Targeting

The specific vulnerabilities that led to the attack on Colona City Hall are not detailed in the search results. However, it is mentioned that the LockBit2 ransomware group has been active since late 2019 and has been involved in various attacks on critical infrastructure providers. The group has been known to steal data and threaten to release it on the dark web if ransom demands are not met.

In the past, ransomware groups have gained access to operational technology systems through weaknesses in third-party software or by tricking employees into downloading malware. The nature of the attack on Colona City Hall suggests that the attackers may have exploited a vulnerability in the city's IT systems or gained access through a phishing email.

Mitigating Ransomware Attacks

To mitigate the risk of ransomware attacks, organizations should implement appropriate cybersecurity measures, such as keeping operational technology offline, using air-gapping techniques, and ensuring that employees are trained to recognize and avoid phishing emails. Additionally, organizations should have a robust incident response plan in place to minimize the impact of an attack and prevent data loss.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.