LockBit claims attack on Wichita as city struggles with payment issues, airport disruption

One the same day that the LockBit ransomware gang’s leader was publicly named by U.S. law enforcement agencies, the group took credit for a devastating attack on the city of Wichita.

The Kansas city first announced the incident on Sunday, and since then it has caused a cascade of problems — from shutting off the WiFi and departure screens at the local airport to forcing all city-run organizations to revert to cash payments. 

LockBit added the city to its leak site on Tuesday, giving officials until May 15 to pay an undisclosed ransom. The group has continued to post new victims following a law enforcement operation in February where agencies in the U.K. and U.S. took down infrastructure used for ransomware attacks.

LockbitSupp, the pseudonymous leader of LockBit, was identified Tuesday as a Russian national called Dmitry Khoroshev as the United States, United Kingdom and Australia imposed financial sanctions against him.

Cash or check only

Officials provided more clarity on how the ransomware attack is affecting Wichita city services on Monday evening, writing that citizens will need to use cash for any services facilitated by the government.

The police and fire departments were still responding to emergency calls but were using paper to create reports. Citizens were told to pay with cash or check for water bills, bus tickets, licenses, garbage disposal, museums and court fees. 

The city pledged to not shut off the water for those who are unable to pay with cash or checks. City Council meetings will not be streamed online, and WiFi at some library locations has been affected. Officials warned that there may be other technological issues with government systems for the time being. 

“Many City systems are down as security experts determine the source and extent of the incident. There is no timetable for when systems could be coming back online,” the city said in a statement. 

“Other services that may be impacted include: staff email through the City network (if you email us, we might not be able to respond during this outage), the library website, most databases, including Kanopy, LinkedIn Learning, etc, the online catalog, the Self-service print release stations, the self-check stations, the automated materials handler at the Advanced Learning Library – place returns in the manual book drop, most incoming phone call capability.”

Emsisoft threat analyst Brett Callow said Wichita was the 38th municipality in the U.S. to suffer from a ransomware attack this year after the city of Buckeye, Arizona also dealt with its own attack that has been claimed by a ransomware gang on Tuesday.