Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?



LockBit Takes Credit for City of Wichita Ransomware Attack

The LockBit cybercrime group has taken credit for the recent ransomware attack that disrupted City of Wichita systems.


The notorious LockBit cybercrime group has taken credit for the recent ransomware attack that forced the City of Wichita, Kansas, to shut down many of its systems.

The city disclosed the incident on May 6, one day after the intrusion was discovered. Wichita said the hackers had deployed file-encrypting malware on some of its systems. 

The incident appears to have impacted water utility, municipal court, cultural, and public transportation payments. The city also announced that public Wi-Fi was not working at the airport, and arrival and departure screens stopped working due to the hack. It’s unclear when these systems would become operational again. 

Wichita is apparently still investigating whether any information was stolen during the cyberattack.

The city was added to the LockBit website on May 7, with the cybercriminals threatening to leak files stolen from its systems in seven days, unless a ransom is paid. 

The news comes shortly after authorities announced the unmasking of LockBitSupp, the mastermind behind the LockBit ransomware operation. 

Dimitry Yuryevich Khoroshev, 31, of Voronezh, Russia, has been charged by the US, where he faces up to 185 years in prison. He has also been sanctioned by the US, UK and Australia. The US is offering up to $10 million for information leading to his arrest.

The LockBit operation was severely disrupted in February by an international law enforcement operation. 

Advertisement. Scroll to continue reading.

Just before authorities named Khoroshev as LockBitSupp, threat intelligence firm Cyberint reported that over 50 companies had been added to the new leak site set up by LockBit operators following the takedown. 

While this could be a sign of the cybercrime group’s revival following the law enforcement operation, Cyberint said it could also represent a final attempt to “garner attention and revenue before law enforcement permanently dismantles their operations”.

Major ransomware groups announcing a significant campaign before permanently shutting down an operation and re-launching under a new name is not unheard of

Related: City of Dallas Details Ransomware Attack Impact, Costs 

Related: Ransomware Attack Pushes City of Oakland Into State of Emergency

Related: $1.1M Paid to Resolve Ransomware Attack on California County

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

ICS and OT cybersecurity solutions provider TXOne Networks appoints Stephen Driggers as its new CRO.

Identity orchestration provider Strata Identity has appointed Aldo Pietropaolo as Field CTO.

Cybersecurity provider for the aviation industry Cyviation has appointed Eliran Almog as Chief Executive Officer.

More People On The Move

Expert Insights