Ransomware Attack on Jackson County Government: BlackSuit Group Exposes Employee and Financial Data
Incident Date:
May 11, 2024
Overview
Title
Ransomware Attack on Jackson County Government: BlackSuit Group Exposes Employee and Financial Data
Victim
Jackson County Goverment
Attacker
Black Suit
Location
First Reported
May 11, 2024
Ransomware Attack on Jackson County Government
Overview
A ransomware attack on Jackson County Government resulted in the theft of employee and financial data, as well as other information from shared folders. The recent ransomware attack by Bianlian exposed employee data like passports, contracts, family details, and medical examinations, as well as financial data like audits, reports, ,and payments.The ransom note left by the attackers warned clients and employees that the management "does not care about their personal information".
Victim Profile
Jackson County, Missouri, is a county government serving the residents of the Kansas City metropolitan area. With a population of about 654,000 people living within 607 square miles, the county includes most of Kansas City, Missouri, and 17 other cities and towns. The county government is headquartered at the Truman Courthouse in Independence, Missouri. It operates in the Government sector, specifically in the Assessment and Collection department. The Assessment Department is responsible for the valuation of all real and personal property in Jackson County. The county also offers online services for property declarations and tax payments.
Ransomware Group Analysis
The ransomware group BlackSuit, which claimed the attack on Jackson County Government, is a new ransomware family closely related to the notorious Royal ransomware group. BlackSuit targets both Windows and Linux systems, including critical VMware ESXi servers. The group distinguishes itself through the use of the .blacksuit extension on encrypted files and a ransom note named README.BlackSuit.txt.
Penetration Method
The BlackSuit ransomware group may have penetrated Jackson County Government's systems through phishing emails, vulnerable software, or exploiting weak network security. The high degree of similarity between BlackSuit and Royal ransomware suggests a connection between the two groups, indicating a sophisticated and organized cybercriminal operation.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.