City of Wichita shuts down computer network after ransomware attack

The City of Wichita, Kansas, has reported that its computer network was taken offline due to a ransomware attack on May 5th 2024.

Due to the incident, malware encrypted data on various systems and the city IT team had to shut down online services to contain the damage. To maintain essential services, first responders have switched to business continuity measures. Law enforcement agencies have been notified, and the city has enlisted third-party specialists to assist in restoring affected systems.

Wichita states that it is working to assess the impact of the attack, including whether personal data was compromised. The city emphasized that the assessment of such incidents requires time, asking for patience and understanding during this process.

The city is not disclosing the identity of the ransomware group involved in the attack. No other details of the attack have been disclosed.

Update - as of 9th of May 2024, the LockBit ransomware group has taken responsibility for the cyberattack on the City of Wichita, with a ransom payment deadline set for May 15, 2024.

As of 15th of May 2024, officials have confirmed that law enforcement data was stolen during the attack. The stolen files contained law enforcement incident and traffic information, including:

• names,
• Social Security numbers,
• driver’s license or state identification card numbers,
• payment card information,

The city also disclosed that  hackers got in through a “recently disclosed security vulnerability that affects organizations throughout the world.”

The number of affected individuals is still not disclosed.