The City of Wichita, Kansas, has confirmed it was hit by a ransomware attack over the weekend, prompting the shutdown of segments of its network.
Wichita is the largest city in Kansas, with a population of 400,000, and is among the top 50 largest cities in the United States.
The City revealed the assault with unusual transparency, confirming the incident on Sunday, May 5, as ransomware encrypted its IT systems.
“The transparency displayed by the City of Wichita in disclosing the ransomware attack is incredibly important so that those impacted can be on alert and make necessary responses,” commented Malachi Walker, security advisor at DomainTools.
“Understanding the high consequences of ransomware, organizations and individuals are advised to regularly back up their data on an external drive that is secured and offline.”
The extent of potential data compromise remains uncertain, although it’s common for ransomware groups to steal data from infiltrated networks before initiating encryption.
Read more on ransomware: LockBit, Black Basta, Play Dominate Ransomware in Q1 2024
“It’s key to find out how the ransomware first obtained initial access to the environment,” said Roger Grimes, data-driven defense evangelist at KnowBe4.
“Was it social engineering, unpatched software or firmware or something else? If they can’t identify how the ransomware first got initial access, it’s going to be a lot harder to prevent it from happening again.”
Infosecurity has confirmed that, at the time of writing, online payment systems, such as those for water bills and court citations, are offline due to the attack. Despite the disruption, essential services by first responders, including the police and fire departments, remain operational through the implementation of business continuity measures.
“We are completing a thorough review and assessment of this matter, including the potential impact on data,” reads the City’s website. “Detailed assessments of these types of incidents take time. We thank you for your patience, understanding, and respect for the integrity of this review process.”
While withholding details on the ransomware perpetrators, Wichita has notified local and federal law enforcement agencies, which are collaborating in the response efforts.