kckpd ransomware

Ransomware group BlackSuit this week claimed responsibility for a May 2024 cyber attack on the Kansas City, Kansas Police Department.

The KCKPD on May 21 announced a network incident impacted some non-emergency services, including email for the city’s fire and police departments, some external phone systems, animal services, and the KCKFD website.

Essential services such as fire, police, and emergency medical services are still operational.

BlackSuit claimed responsibility for the attack on its leak site, saying, “Kansas police said they will not pay a ransom after voluntarily agreeing to have their case files made public. Trust your police.”

KCKPD has not verified BlackSuit’s claim.

We don’t yet know what if any personal information was compromised as a result of the attack, how much the ransom was, or how attackers breached the KCKPD. Comparitech contacted the police department for comment and will update this article if it responds.

This is the second attack against Kansas City claimed by BlackSuit this year. In May, the group claimed responsibility for an April 2024 attack on Jackson County, Missouri.

Besides BlackSuit, other ransomware groups targeted Kansas City this year. Ransomware gang Play attacked the Kansas City Scout traffic management system in April, and the Kansas City Area Transportation Authority (KCATA) was hit by an unclaimed attack in January.

Kansas City announced network issues in May with disruptions ongoing for two weeks, but it’s unclear if those issues are connected to a ransomware attack.

Who is BlackSuit?

BlackSuit first emerged in April 2023, and has a history of attacking critical industries like healthcare, government, and education. It’s a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data.

Comparitech has logged 27 confirmed attacks claimed by BlackSuit, 12 of which occurred this year. It was also behind the recently confirmed attack on the Montgomery County board of Developmental Disabilities.

We’ve logged a further 43 unconfirmed attacks claimed by BlackSuit.

Ransomware attacks on US government organizations

Ransomware can disrupt crucial government services, such as 911 dispatch centers, sheriff’s offices, city councils, tax payments, and utilities. Often, employees have to resort to pen and paper as systems become unavailable. In some instances, backups may help restore data, but, in many cases, organizations can’t recover or protect data subjects without paying the ransom.

we’ve recorded 34 attacks so far this year affecting 50,757 individual records. As we’re not halfway through the year yet, it looks like attacks on US government entities could exceed the total from last year (77). This goes against the grain of other industries which are seeing a dip in confirmed attacks.

We’ve also logged 15 unconfirmed attacks against US government organizations this year so far.

About the KCKPD

The Kansas City, Kansas Police Department provides emergency services to 155,000 citizens and employs more than 340 officers.