Ransomware Attack Hits City of Wichita. The City of Wichita in Kansas fell victim to a ransomware attack in late 2023, encrypting critical data and shutting down many of its internal systems and public-facing services.
The City of Wichita ransomware attack occurred in early December, though city officials did not publicly disclose the incident until January 2024.
At that time, they confirmed that certain city IT systems had been impacted by ransomware and that various services, including online bill payments, were temporarily unavailable.
The ransomware gang behind the attack, dubbed ‘Babuk Locker,’ claimed they had successfully breached the city’s network and encrypted important files.
They demanded an unspecified ransom in cryptocurrency in exchange for a universal decryption key to unlock the data. However, the city refused to pay the ransom.
“As part of this assessment, we turned off our computer network,”
The city told residents on the website.
Major Disruptions to City Services During Ransomware Attack
The City of Wichita ransomware attack had wide-reaching consequences as it compromised critical internal IT systems that many day-to-day operations relied on.
Some of the services impacted included:
- Temporary shutdown of online bill payments for utilities like water, gas, and trash collection
- Disruptions to the county phone system which handled non-emergency public safety calls
- Issues with computer-aided dispatch for emergency services like police and fire departments
- Downtime for the city’s finance, human resources, courts, and other administrative systems
The ransomware infection also forced several city departments, including utilities, to revert to manual and paper-based processes during the response and recovery period.
This understandably caused delays and inconveniences for residents and businesses interacting with the local government.
City of Wichita Ransomware Attack Update: Lengthy Recovery Process Still Ongoing
Although months have passed since the ransomware attack in late 2023, officials say the recovery remains a work in progress.
In its latest City of Wichita ransomware attack update, the city acknowledged it was still in the process of restoring some systems from backups and repairs. The lengthy recovery is due to the extensive nature of the ransomware’s infiltration and damage.
Key services have been restored but residual issues may linger as IT teams continue remediation efforts. The city has declined to reveal the full financial costs of dealing with the ransomware outbreak and bringing operations back online.
It remains focused on strengthening its cyber defenses to prevent similar disruptive attacks in the future. Officials stressed the importance of maintaining robust backups, applying security patches in a timely manner, and improving employee cybersecurity awareness through training.
The unfortunate City of Wichita ransomware attack highlights the risks public organizations face from modern ransomware gangs. It also shows how significantly such incidents can impact core government functions and the local communities that depend on them.