Kansas City Police Hit by BlackSuit Ransomware, Disrupting Services

Incident Date: Jun 17, 2024

Attack Overview
Victim: Kansas City, Kansas Police Department (KCKPD)
Industry: Government
Location: USA
Attacker: BlackSuit
First Reported: June 17, 2024

Ransomware Attack on Kansas City, Kansas Police Department by BlackSuit Group

Victim Profile: Kansas City, Kansas Police Department

The Kansas City, Kansas Police Department (KCKPD), led by Chief of Police Karl Oakman, is the primary law enforcement agency for the city's 153,000 residents. With approximately 420 staff members, including 340 sworn officers, KCKPD is notable for its comprehensive community engagement and transparency efforts. The department operates through three patrol divisions and various specialized units, managing an average of 355,000 emergency calls per year. The extensive digital tools and external communication channels that support its community-oriented initiatives may also increase its vulnerability to cyber threats.

Attack Overview

In May 2024, KCKPD fell victim to a ransomware attack orchestrated by the BlackSuit group, a new but formidable player in the cybercrime arena. The attack primarily disrupted non-emergency services, including email and external phone systems, affecting both the police and fire departments. Essential services, however, remained unaffected. BlackSuit claimed responsibility on its dark web leak site, alleging that KCKPD had not complied with its ransom demands and threatening to release sensitive case files.

Ransomware Group: BlackSuit

Emerging in 2023, BlackSuit has shown a disturbing proficiency in targeting both Windows and Linux systems, including critical infrastructure on VMware ESXi servers. The group's tactics, techniques, and procedures bear a striking resemblance to those of the Royal ransomware group, suggesting a possible affiliation or shared lineage. This connection underscores BlackSuit's capability to execute high-impact cyberattacks across diverse operating environments.

Potential Penetration Methods

Given BlackSuit's known capabilities, the initial breach could have involved phishing attacks targeting KCKPD's digital communication tools or exploiting vulnerabilities in their network infrastructure, particularly given the department's extensive use of technology in operations and community engagement. The exact penetration method remains speculative without detailed forensic analysis, but these vectors are consistent with BlackSuit's modus operandi.
