Ransomware Attack on Jackson County Government: BlackSuit Group Exposes Employee and Financial Data

Incident Date: May 11, 2024

Attack Overview

VICTIM

Jackson County Goverment

INDUSTRY

Government

LOCATION

USA

ATTACKER

Black Suit

FIRST REPORTED

May 11, 2024

Request Removal

Ransomware Attack on Jackson County Government

Overview

A ransomware attack on Jackson County Government resulted in the theft of employee and financial data, as well as other information from shared folders. The recent ransomware attack by Bianlian exposed employee data like passports, contracts, family details, and medical examinations, as well as financial data like audits, reports, ,and payments.The ransom note left by the attackers warned clients and employees that the management "does not care about their personal information".

Victim Profile

Jackson County, Missouri, is a county government serving the residents of the Kansas City metropolitan area. With a population of about 654,000 people living within 607 square miles, the county includes most of Kansas City, Missouri, and 17 other cities and towns. The county government is headquartered at the Truman Courthouse in Independence, Missouri. It operates in the Government sector, specifically in the Assessment and Collection department. The Assessment Department is responsible for the valuation of all real and personal property in Jackson County. The county also offers online services for property declarations and tax payments.

Ransomware Group Analysis

The ransomware group BlackSuit, which claimed the attack on Jackson County Government, is a new ransomware family closely related to the notorious Royal ransomware group. BlackSuit targets both Windows and Linux systems, including critical VMware ESXi servers. The group distinguishes itself through the use of the .blacksuit extension on encrypted files and a ransom note named README.BlackSuit.txt.

Penetration Method

The BlackSuit ransomware group may have penetrated Jackson County Government's systems through phishing emails, vulnerable software, or exploiting weak network security. The high degree of similarity between BlackSuit and Royal ransomware suggests a connection between the two groups, indicating a sophisticated and organized cybercriminal operation.

Sources:

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.