
Law enforcement data stolen in Wichita ransomware attack

The city of Wichita warned its residents on Tuesday that the gang behind a recent ransomware attack likely stole sensitive law enforcement information. 

In a data breach notice about the incident, which is still affecting numerous city services, the government said hackers copied files from its network between May 3 and May 4.

“These files contained law enforcement incident and traffic information, which include names, Social Security numbers, driver’s license or state identification card numbers, and payment card information,” city officials said, noting that the hackers got in through a “recently disclosed security vulnerability that affects organizations throughout the world.” 

The notice does not say what vulnerability was exploited or how many people were affected.

Wichita officials said there is still no timetable for when affected systems will be brought back online. Since the incident, police officers have had to keep paper records and all city offices have had to revert to cash payments in lieu of access to credit card systems. 

All local transit services are fare-free until further notice and the public wifi at the airport as well as several libraries is shut off for the time being. 

The LockBit ransomware gang recently took credit for the incident and yesterday claimed to have sold the data to an undisclosed buyer. 

Emsisoft threat analyst Brett Callow said it is unlikely the data was actually sold, calling it “nothing more than an attempt by a dying ransomware operation to save face over its failure to monetize an attack.” 

The LockBit ransomware operation has been hobbled by a law enforcement operation against its infrastructure earlier this year. The group has continued to launch attacks but last week its alleged leader was outed by international law enforcement agencies. 

Callow noted that several other ransomware groups have previously claimed to sell data in an effort to save face and make future victims believe their data may indeed be sold if a ransom is not paid.

Incidents nationwide

Several other counties and cities across the U.S. have reported attacks recently limiting government services. 

The city of St. Helena, California, published a notice yesterday warning that its IT team is working with the FBI and the U.S. Secret Service to resolve a cyberattack that began on Monday.  

All of the city’s servers and computers are offline and officials were not able to access their emails as of Wednesday. Police, emergency services and water systems were not affected by the attack. 

Like Wichita, St. Helena is unable to accept credit card payments for everything from library books to water bills. The city’s IT team told the Press-Democrat that the servers accessed by the hackers held mostly staff reports and public records but warned that some of the documents may have personal data. 

The St. Helena attack occurred the day after the government of Macon-Bibb County in Georgia faced similar issues. For days, the county has had to keep systems offline to deal with a cyberattack.

In an update on Tuesday, the county said phone service across the government has been restored but email and internet access is still offline — leaving residents out of luck with basic services like reservations, court payments, taxes and more. 

County Manager Keith Moffett told local news outlets that some government tasks “are not possible until we restore the internet and network.”

Much of the county website is still inaccessible as of Wednesday. 

According to Callow, at least 40 local governments in the U.S. have dealt with ransomware attacks this year. 

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.