Ransomware Hits Sandy Township Police: LockBit Demands Ransom

Incident Date: July 31, 2024

Overview

Victim: Sandy Township Police

Attacker: Lockbit3

Location: DuBois, Pennsylvania, USA

First Reported: July 31, 2024

Ransomware Attack on Sandy Township Police Department

The Sandy Township Police Department, a progressive law enforcement agency in DuBois, Pennsylvania, has recently fallen victim to a ransomware attack orchestrated by the notorious LockBit group. The department, which serves a population of approximately 12,000 residents over 52 square miles, has been added to LockBit's dark web leak site, with a ransom deadline set for August 9.

About the Sandy Township Police Department

The Sandy Township Police Department is a well-structured agency dedicated to maintaining public safety and fostering positive community relationships. The department is staffed by a Chief of Police, a Detective/Sergeant, a Sergeant, two Patrol Corporals, eight full-time police officers, a School Resource Officer (SRO), and an Administrative Assistant. The department is responsible for patrolling 100 miles of roadway and an additional 100 miles within the private gated community of Treasure Lake.

The department's mission includes crime prevention, traffic enforcement, and community engagement. Officers are actively involved in various community programs and initiatives, including school safety programs and crime prevention strategies. The department's commitment to staffing and community engagement underscores its proactive approach to law enforcement.

Details of the Ransomware Attack

The LockBit group has claimed responsibility for the ransomware attack on the Sandy Township Police Department. The attackers have threatened to release sensitive information unless a ransom is paid by August 9. This incident highlights the vulnerabilities faced by public sector entities, particularly those with limited cybersecurity resources.

About LockBit Ransomware Group

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. Known for its modular ransomware, LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The group uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files.

LockBit exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware is designed not to execute on systems configured with languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (mutex) and changes to the victim's desktop wallpaper.
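As an added illustration (not part of the original report, and not data from this incident), the following hunt correlates two of the signals named above: a desktop wallpaper change written by an unexpected process, and a preceding RDP logon on the same host. The event dictionaries are constructed samples with simplified field names modeled on Sysmon Event ID 13 and Security Event ID 4624; the process allowlist and the 24-hour window are assumptions to tune per environment. The mutex indicator is not covered because the report names no mutex.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from this incident), simplified from Sysmon
# Event ID 13 (registry value set) and Security Event ID 4624 (logon).
EVENTS = [
    {"time": "2024-07-30T22:10:00", "host": "PD-WS01", "id": 4624,
     "logon_type": 10, "src_ip": "203.0.113.7"},
    {"time": "2024-07-30T23:40:00", "host": "PD-WS01", "id": 13,
     "image": r"C:\Users\Public\svc.exe",
     "target": r"HKU\S-1-5-21-1-2-3-1001\Control Panel\Desktop\Wallpaper"},
    {"time": "2024-07-30T09:00:00", "host": "PD-WS02", "id": 13,
     "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1-2-3-1002\Control Panel\Desktop\Wallpaper"},
    {"time": "2024-07-29T08:00:00", "host": "PD-WS03", "id": 4624,
     "logon_type": 10, "src_ip": "198.51.100.20"},
    {"time": "2024-07-30T23:45:00", "host": "PD-WS03", "id": 13,
     "image": r"C:\ProgramData\upd.exe",
     "target": r"HKU\S-1-5-21-1-2-3-1003\Control Panel\Desktop\Wallpaper"},
]

WALLPAPER_VALUE = r"\control panel\desktop\wallpaper"
EXPECTED_WRITERS = {"explorer.exe", "systemsettings.exe"}  # assumed allowlist
RDP_WINDOW = timedelta(hours=24)                            # assumed window

def hunt(events):
    """Flag wallpaper changes by unexpected processes; raise severity when
    an RDP logon (LogonType 10) hit the same host shortly before."""
    rdp_logons, findings = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4624 and ev.get("logon_type") == 10:
            rdp_logons.setdefault(ev["host"], []).append((when, ev["src_ip"]))
        elif ev["id"] == 13 and ev["target"].lower().endswith(WALLPAPER_VALUE):
            writer = ev["image"].rsplit("\\", 1)[-1].lower()
            if writer in EXPECTED_WRITERS:
                continue  # normal user-driven personalization
            sources = [ip for seen, ip in rdp_logons.get(ev["host"], [])
                       if when - seen <= RDP_WINDOW]
            findings.append({"host": ev["host"], "writer": ev["image"],
                             "severity": "high" if sources else "medium",
                             "rdp_sources": sources})
    return findings

if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(finding)
```

A wallpaper change usually appears only after encryption has run, so a hit here is a trigger for containment and scoping rather than early warning; software deployment tools and Group Policy can also write this value and may need allowlisting.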

Potential Vulnerabilities and Penetration Methods

The Sandy Township Police Department, like many public sector entities, may have been targeted due to potential vulnerabilities in their cybersecurity infrastructure. The use of outdated software, lack of network segmentation, and insufficient employee cybersecurity training could have contributed to the successful penetration of their systems by LockBit. The attackers likely exploited weaknesses in RDP services or unsecured network shares to gain access to the department's network.
