City of Wichita breach claimed by LockBit ransomware gang

The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation.

Wichita, Kansas, is the largest city in the state, with a population of nearly 400,000. It serves as a major cultural, economic, and transportation hub in the region and is home to several aircraft factories.

Last Sunday, May 5, 2024, the City's authorities announced they were facing a disruptive cyberattack after ransomware encrypted portions of its network.

To contain the damage and stop the spread of the attack, the City's IT specialists shut down computers used in online services.

"This decision was not made lightly but was necessary to ensure that systems are securely vetted before returning to service," mentioned the announcement.

Earlier today, the LockBit ransomware group added Wichita to its extortion portal, threatening to publish all stolen files on the site by May 15, 2024, unless the City pays the ransom.

The list of a ransomware victims only three days after an attack is unusual, as ransomware gangs usually give companies more time to negotiate.

However, this reveal comes only a few hours after an international law enforcement operation named and sanctioned the leader of the LockBit ransomware operation as a 31-year-old Russian national named Dmitry Yuryevich Khoroshev, who uses the online "LockBitSupp" alias.

The quick listing of the City may be in revenge for the recent law enforcement operations that have severely disrupted the operation and tarnished its operator's reputation.

Meanwhile, Wichita continues to disruption, with the  latest status update saying the following services remain unavailable: 

Auto payments for water bills are suspended. Public Wi-Fi at certain locations (Airport terminal, Advanced Learning Library, Evergreen, and Walters branches of the Library). The online catalog, databases, and some digital services of the Library. Email communications through the city network for Library staff. Self-service print release stations and self-check stations at the Library. Automated materials handler at the Advanced Learning Library. Most incoming phone call capability for the Library. Wi-Fi and phone services at neighborhood resource centers. Public services, including golf courses, parks, courts, and the water district, require residents to pay in cash or by check while online payment platforms are shut down.

Any Request for Bid, Proposal, or Qualifications with a due date of May 10, 2024, is deferred until May 17, 2024. Also, the 'Bid Opening' scheduled for Friday, May 10, 2024, has now been canceled.

In addition to the above, some public safety services like the WFD and WPD have resorted to using "pen and paper" reports, and the Wichita Transit buses and landfill services can only accept cash payments.

While the City is still investigating whether data was stolen in the attack, the LockBit ransomware gang is known to steal data before deploying their encryptors.

Therefore, if a ransom is not paid, data will likely be leaked in the future on the ransomware gang's data leak site.