close
close

LockBit claims attack on Wichita as the city struggles with payment issues and airport disruptions

On the same day that the leader of the LockBit ransomware gang was publicly named by US law enforcement, the group took credit for a devastating attack on the city of Wichita.

The city of Kansas first announced the incident on Sunday, and since then it has caused a cascade of problems — from shutting down Wi-Fi and departure screens at the local airport to requiring all city organizations to switch back to cash payments.

LockBit added The city addressed its leak on Tuesday and gave officials until May 15 to pay an undisclosed ransom. The group has continued to report new victims following a law enforcement operation in February in which authorities in the UK and US crippled infrastructure used in ransomware attacks.

LockbitSupp, the pseudonymous leader of LockBit, was identified on Tuesday as a Russian citizen named Dmitry Khoroshev as the United States, United Kingdom and Australia imposed financial sanctions on him.

Cash or check only

Officials provided more clarity Monday evening about how the ransomware attack is affecting the city of Wichita’s services, writing that citizens must use cash for all government-provided services.

Police and fire departments still responded to emergency calls but used paper to prepare reports. Citizens were asked to pay water bills, bus tickets, licenses, garbage disposal, museums and court fees with cash or checks.

The city pledged not to shut off water to those unable to pay with cash or check. City Council meetings are not streamed online and Wi-Fi is affected at some library locations. Officials warned that there may be other technological problems with government systems for now.

“Many city systems are down as security experts investigate the source and extent of the incident. There is no timeline for when systems might come back online,” the city said in a statement.

“Other services that may be affected include: staff emails across the city network (if you email us, we may not be able to respond during this outage), the library website, most databases, including Kanopy , LinkedIn Learning, etc., the online services catalog, the self-service print release stations, the self-check stations, the automated materials processor in the Advanced Learning Library – enter returns into the manual book drop-off, most inbound phone calls are possible.”

Emsisoft threat analyst Brett Callow said Wichita became the 38th community in the U.S. to be hit by a ransomware attack this year, after the city of Buckeye, Arizona, also struggled with an attack of its own claims by a ransomware gang on Tuesday.

Get more insights with the

Recorded future

Intelligence Cloud.

Learn more.