Ransomware Attack on Ewing Marion Kauffman School by LockBit 3.0

Incident Date:

May 16, 2024

World map



Ransomware Attack on Ewing Marion Kauffman School by LockBit 3.0


Ewin Marion Kauffman School




Kansas City, USA

Missouri, USA

First Reported

May 16, 2024

Ransomware Attack on Ewing Marion Kauffman School by LockBit 3.0

Victim Overview

The Ewing Marion Kauffman School, a public charter school in Kansas City, Missouri, was targeted by the cybercrime group LockBit 3.0. The school's website was compromised in the attack.

Company Profile

The school is dedicated to providing a high-quality education to students in grades 5-12, with a focus on academic excellence, college graduation, and the successful application of students' talents in the world. The school enrolls 1,089 students, primarily from low-income households, and is committed to leading for racial equity.

Standout Features

EMKS stands out in the education sector for its mission to prepare students for college graduation and success in their future endeavors. It actively works on diversity and inclusion, aiming to create a supportive and inclusive learning environment for all students.


Being a public institution that serves a large number of students, the Ewing Marion Kauffman School may be vulnerable to cyber threats due to the sensitive nature of student data and the potential impact on the educational process. The school's focus on providing quality education and supporting students' growth could make it a target for threat actors seeking to disrupt operations and exploit valuable information.

Attack Overview

LockBit 3.0, a dangerous ransomware group known for its advanced capabilities and evasive tactics, targeted the Ewing Marion Kauffman School's website. The ransomware encrypted files, modified filenames, changed the desktop wallpaper, and dropped a ransom note on the victim's desktop. LockBit 3.0 is notorious for its obfuscation techniques and ability to move laterally through networks, making it challenging for security researchers to analyze and mitigate.

Penetration Method

LockBit 3.0 could have penetrated the Ewing Marion Kauffman School's systems through various means, such as phishing emails, unpatched software vulnerabilities, or weak security configurations. The ransomware group's ability to adapt and enhance its infection capacities poses a significant threat to organizations.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.