The notorious LockBit ransomware gang has claimed responsibility for a devastating cyberattack on the City of Wichita, Kansas, the largest city in the state with a population of nearly 400,000. This ransomware attack has forced the City’s authorities to shut down crucial IT systems used for online bill payment, including court fines, water bills, and public transportation.
Wichita, a major cultural, economic, and transportation hub in the region, and home to several aircraft factories, announced the disruptive ransomware attack last Sunday, May 5, 2024. In response, the City’s IT specialists promptly shut down computers used in online services to contain the damage and stop the spread of the attack, as stated in their announcement: “This decision was not made lightly but was necessary to ensure that systems are securely vetted before returning to service.”
LockBit Ransomware Gang Threatens Data Leak
Earlier today, the LockBit ransomware group added Wichita to its extortion portal, threatening to publish all stolen files on the site by May 15, 2024, unless the City pays the ransom. This unusually quick listing of a ransomware victim, merely three days after the attack, is believed to be in retaliation for the recent international law enforcement operation that named and sanctioned the leader of the LockBit ransomware operation, a 31-year-old Russian national named Dmitry Yuryevich Khoroshev, who uses the online alias “LockBitSupp.”
Widespread Service Disruptions in Wichita
Meanwhile, Wichita continues to face significant disruptions, with the latest status update indicating that the following services remain unavailable:
- Auto payments for water bills are suspended.
- Public Wi-Fi at certain locations (Airport terminal, Advanced Learning Library, Evergreen, and Walters branches of the Library).
- The online catalog, databases, and some digital services of the Library.
- Email communications through the city network for Library staff.
- Self-service print release stations and self-check stations at the Library.
- Automated materials handler at the Advanced Learning Library.
- Most incoming phone call capability for the Library.
- Wi-Fi and phone services at neighborhood resource centers.
- Public services, including golf courses, parks, courts, and the water district, require residents to pay in cash or by check while online payment platforms are shut down.
Additionally, any Request for Bid, Proposal, or Qualifications with a due date of May 10, 2024, has been deferred until May 17, 2024, and the ‘Bid Opening’ scheduled for Friday, May 10, 2024, has been canceled.
Public safety services like the Wichita Fire Department (WFD) and Wichita Police Department (WPD) have resorted to using “pen and paper” reports, and the Wichita Transit buses and landfill services can only accept cash payments.
Data Theft and Potential Leak
While the City is still investigating whether data was stolen in the attack, the LockBit ransomware gang is known for stealing data before deploying their encryptors. Therefore, if a ransom is not paid, data will likely be leaked in the future on the ransomware gang’s data leak site, exacerbating the already severe impact of this cyberattack on the City of Wichita.
