Kansas City Police Hit by BlackSuit Ransomware, Disrupting Services
Ransomware Attack on Kansas City, Kansas Police Department by BlackSuit Group
Victim Profile: Kansas City, Kansas Police Department
The Kansas City, Kansas Police Department (KCKPD), led by Chief of Police Karl Oakman, is the primary law enforcement agency for the city's 153,000 residents. With approximately 420 staff members, including 340 sworn officers, KCKPD is notable for its comprehensive community engagement and transparency efforts. The department operates through three patrol divisions and various specialized units, managing an average of 355,000 emergency calls per year. Despite its robust community-oriented initiatives, the integration of extensive digital tools and external communication channels may increase its vulnerability to cyber threats.
Attack Overview
In May 2024, KCKPD fell victim to a ransomware attack orchestrated by the BlackSuit group, a new but formidable player in the cybercrime arena. The attack primarily disrupted non-emergency services, including email systems and external phone systems, affecting both the police and fire departments. Essential services, however, remained unaffected. BlackSuit claimed responsibility on its dark web leak site, alleging that KCKPD had not complied with its ransom demands and threatening to release sensitive case files.
Ransomware Group: BlackSuit
Emerging in 2023, BlackSuit has shown a disturbing proficiency in targeting both Windows and Linux systems, including critical infrastructure on VMware ESXi servers. The group's tactics, techniques, and procedures bear a striking resemblance to those of the Royal ransomware group, suggesting a possible affiliation or shared lineage. This connection underscores BlackSuit's capability to execute high-impact cyberattacks across diverse operating environments.
Potential Penetration Methods
Given BlackSuit's known capabilities, the initial breach could have involved phishing attacks targeting KCKPD's digital communication tools or the exploitation of vulnerabilities in its network infrastructure, particularly in light of the department's extensive use of technology in operations and community engagement. The exact penetration method remains speculative without detailed forensic analysis, but these vectors are consistent with BlackSuit's modus operandi.