Ransomware Hits Sandy Township Police: LockBit Demands Ransom
Incident Date:
July 31, 2024
Overview
Title
Ransomware Hits Sandy Township Police: LockBit Demands Ransom
Victim
Sandy Township Police
Attacker
Lockbit3
Location
First Reported
July 31, 2024
Ransomware Attack on Sandy Township Police Department
The Sandy Township Police Department, a progressive law enforcement agency in DuBois, Pennsylvania, has recently fallen victim to a ransomware attack orchestrated by the notorious LockBit group. The department, which serves a population of approximately 12,000 residents over 52 square miles, has been added to LockBit's dark web leak site, with a ransom deadline set for August 9.
About the Sandy Township Police Department
The Sandy Township Police Department is a well-structured agency dedicated to maintaining public safety and fostering positive community relationships. The department is staffed by a Chief of Police, a Detective/Sergeant, a Sergeant, two Patrol Corporals, eight full-time police officers, a School Resource Officer (SRO), and an Administrative Assistant. The department is responsible for patrolling 100 miles of roadway and an additional 100 miles within the private gated community of Treasure Lake.
The department's mission includes crime prevention, traffic enforcement, and community engagement. Officers are actively involved in various community programs and initiatives, including school safety programs and crime prevention strategies. The department's commitment to staffing and community engagement underscores its proactive approach to law enforcement.
Details of the Ransomware Attack
The LockBit group has claimed responsibility for the ransomware attack on the Sandy Township Police Department. The attackers have threatened to release sensitive information unless a ransom is paid by August 9. This incident highlights the vulnerabilities faced by public sector entities, particularly those with limited cybersecurity resources.
About LockBit Ransomware Group
LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. Known for its modular ransomware, LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The group uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files.
LockBit exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware is designed to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) and changes to the victim's computer wallpaper.
Potential Vulnerabilities and Penetration Methods
The Sandy Township Police Department, like many public sector entities, may have been targeted due to potential vulnerabilities in their cybersecurity infrastructure. The use of outdated software, lack of network segmentation, and insufficient employee cybersecurity training could have contributed to the successful penetration of their systems by LockBit. The attackers likely exploited weaknesses in RDP services or unsecured network shares to gain access to the department's network.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.