Cyberattack on Kansas town affects email, phone, payment systems

A cyberattack on a small city in Kansas has disrupted the government’s email, phone and online payment systems.

Pittsburg — home to about 20,000 people along the state’s border with Missouri and Oklahoma — said it discovered the incident over the weekend. The attack caused an IT outage that limited government systems but did not affect 911 dispatch and other utilities.

“While these types of situations have become all-too-common nationwide, we recognize the significance of this event and have taken quick action to address it,” said City Manager Daron Hall. “Our comprehensive assessment is ongoing and may take several weeks. In the meantime, we are committed to delivering the highest level of services to our community.”

The city’s incident response team “took proactive measures to protect city data and network systems” while also hiring forensic experts to “ fully understand the extent and implications” of the attack.

City operations will continue and public safety services remained in operation despite the attack. The city did not respond to requests for comment about whether it was a ransomware attack and whether a ransom will be paid.

No group has taken credit for the attack. A medical center and wastewater facilities in Kansas have previously faced cybersecurity incidents over the last three years.

Officials at Pittsburg State University, located in the south part of town, said the school was not directly affected by the attack.

The latest of many

Over the last week, multiple municipalities across the U.S. have faced attacks by hackers or ransomware gangs. Hinds County, Mississippi, has spent the last week struggling to recover from a ransomware incident that has disrupted government services.

The attack has hampered the ability of home buyers and sellers to conduct business because they do not have access to county records.

County officials did not respond to requests for comment and Mississippi’s Department of Public Safety declined to answer questions about the incident because it is not the lead agency involved in the attack recovery process.

The FBI, which officials said is leading the charge, declined to comment on when government services would be restored. Hinds County is home to the state’s capital — Jackson — and is home to more than 240,000 people.

Just one state over from Pittsburg, St. Louis County was thrown into chaos last week after dealing with its own cyberattack. The St. Louis Post Dispatch reported that the county’s Regional Justice Information System — known as REJIS and also used by counties in Kansas and Illinois — suffered an incident that brought the system down, affecting all of the county’s police officers, jails, municipal courts and attorneys.

The county was forced to book and release people from jail using paper records, and county officials wrote on Facebook that all court cases scheduled in St. Louis County Municipal Court were canceled for multiple days.

On Friday, County Executive Sam Page sent a letter to the St. Louis County Council explaining that $5 million was needed from the county’s emergency fund to “support necessary measures to safeguard the County from future cybersecurity attacks."

“As you know, this week we were notified by the Regional Justice Information System (REJIS) of a cybersecurity event, which caused the County to shut down several of our servers. This shut down impacted our ability to perform several critical County functions involving the Police Department, Department of Justice Services, the Municipal Court, County Counselor's Office, and Prosecuting Attorney's Office, all of which perform critical public safety functions,” Page said.

“This event caused us to lose access to essential applications which are in process being recovered by multiple County teams. This is an event that we hoped would not happen and could have been much worse.”

Page went on to note that the “cost of a temporary shut-down of County government far exceeds the cost of these measures” and that this was the moment to “take necessary measures that can no longer be ignored.”

The council was scheduled to consider the proposal Monday.

The federal Department of Homeland Security warned last week that ransomware gangs are slated to bring in nearly $1 billion in extortion ransoms in 2023 due to an endless number of attacks on both private businesses and government organizations at the state and federal level.