Colorado police investigating ransomware attack on small town
The police department of Frederick, Colorado said it is investigating claims that the town government was hit with a ransomware attack.
On Thursday, the LockBit ransomware group added the town of about 15,000 residents to its list of victims. A spokesperson for the town told The Record that it has “received notification of a potential ransomware attack.”
“The Frederick Police Department is working with Information Technology to verify the validity of these postings,” the spokesperson said.
“Currently, there is no evidence of intrusion into our secure network.”
A representative for the Colorado Division of Homeland Security and Emergency Management added that the Colorado Information Analysis Center, which operates within the cybersecurity division of the organization, is providing support for the town as it addresses the incident.
The Colorado governor’s office did not respond to requests for comment.
LockBit, a ransomware-as-a-service operation that began in 2019, overtook Conti in June to become the most prolific ransomware group in terms of publicly claimed victims.
The group recently rebranded and launched attacks on French mobile phone network La Poste Mobile, a Foxconn factory, a Canadian fighter jet training company, and a popular German library service.
The ransomware gang took credit for more than 50 ransomware incidents in June, bringing its total victim count to 903, according to data collected by Recorded Future from extortion sites, government agencies, news reports, hacking forums, and other sources.
Last year, 36 local governments in the U.S. reported ransomware incidents by June, and 77 were attacked by the end of the year, according to Emsisoft threat analyst and ransomware expert Brett Callow.
Both 2019 and 2020 saw 113 reported ransomware attacks on local governments in the U.S.
While the number of ransomware attacks on local governments has fallen slightly in recent months, several crippling attacks have been reported.
Alexandria, a 50,000-person city about two hours outside of Baton Rouge, Louisiana, was hit with a ransomware attack in early June. Somerset County, which has a population of about 350,000 and is just north of Princeton University in New Jersey, was also hit with a damaging ransomware attack in late May.
About two weeks later, a nearby public school district in New Jersey was forced to cancel final exams after a ransomware attack caused outages. A 12,500-student community college in California was attacked by a ransomware group last week.
This week, the school district of Mooresville, Indiana was also hit with ransomware by a new group called “BianLian.” The group claimed it stole Social Security numbers and other information for about 4,200 students.
A new #ransomware group named #BianLian claims to have hacked #Mooresville Schools (@MrsvlPioneers), a public school district in Indiana. The group claims to have stolen ~4,200 student records containing phone numbers, email addresses, and social security numbers… pic.twitter.com/QWECxn62L9
— BetterCyber (@_bettercyber_) July 11, 2022
In a statement to The Record, a spokesperson for the school district confirmed that it “experienced a computer network disruption” that impacted some of its operations.
“Upon discovering this incident, we immediately took steps to secure our systems and engaged external cybersecurity experts to investigate. We are aware of claims made regarding disclosure of Mooresville’s data,” the spokesperson said.
“At this time, these claims are unverified, and we are investigating them. We are working actively and diligently with the assistance of our retained experts to remediate and investigate what occurred. If we determine that sensitive or protected information has been impacted by this incident, we are committed to satisfying any applicable regulatory, legal, governmental, or ethical obligation.”
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.