Earlier this month, the city of Wichita was hit by a malware ransom attack, causing it to take its computer systems offline in response.
In the weeks since, the city is slowly bringing some of its systems back online. But fully restoring the entire system will take some time.
Here’s what residents should know about the attack:
What information was stolen?
The city disclosed last week that law enforcement incident and traffic information was copied from its computer network between May 3 and 4. That information includes: names, Social Security numbers, driver’s license or state identification card numbers, and payment card information.
Law enforcement is still investigating. A Russian ransomware group, LockBit, took responsibility for the attack.
In an update, the city said the incident is related to a vulnerability that was recently disclosed affecting “organizations throughout the world.”
Cybersecurity experts have warned that agencies using the same software for their systems should update them regularly, especially when vulnerabilities are exposed.
They also argued that the systems should be set up to mitigate the spread if someone does get into the computer network, like a fire department would do to prevent the spread of a fire.
“We have to make sure that we understand how to recognize it, we understand how to disrupt it,” said Jack Danahy from NuHarbor Security, a cybersecurity firm. “We build the house that we live in on the internet in a way where the flames don't just spread so rapidly and affects so many people and so many services that people rely on.”
Why are attacks like this becoming common?
According to experts like Danahy, cyberattacks are cheap to carry out, making them profitable, especially if a ransom is paid or another party pays for the stolen data.
At the same time as the attack on Wichita, Kansas City, Missouri, was also hit, although it hasn’t said much about the attack. The Kansas Courts system is finally back online after a months-long recovery and investigation into its cyberattack last fall.
Locally, Ascension was hit by an attack days after Wichita. Ascension operates hospitals, clinics and nursing homes in 19 states, including Via Christi St. Francis, St. Joseph and St. Teresa in Wichita.
Government agencies like the city are also more vulnerable to attacks because they don’t have sophisticated security systems. And as a public-facing agency, it’s also easy to find employee contact information for phishing attempts to get into its systems.
How does this impact residents and the city?
Residents should monitor their credit reports and account information for suspicious activity, especially within the next six to nine months.
Residents can request a free credit report, one per year, at annualcreditreport.com, or request one from the three major credit reporting bureaus. A fraud alert or credit freeze can also be placed for up to a year.
In the meantime, the city is still digging itself out and investigating the attack. So, it’ll take some time for its systems to come back online, especially for things like paying water bills.
It’s also still too soon to know exactly how much the attack and getting back online will cost the city, especially in labor hours after the fact, like manually entering data that would normally be inputted through a computer.
Experts like Danahy from NuHarbor said it will take time for things to just be normal again. He also said while residents should be patient as the systems come back online, they should ask the city for transparency, especially in holding it accountable to make sure something of this magnitude won’t happen like this again.
“At the end of it, they should be able to say, ‘This is what we saw; this is what we did,’” Danahy said, “and I think that will give everybody a great sense of comfort.”
