City of Cedar Falls Ransomware Attack

Ransomware group BlackSuit has posted the City of Cedar Falls, Iowa, to its data leak site overnight. It alleges to have stolen a variety of data, including employee data, financial data, and more, giving the City 72 hours to pay up before the data will be sold via public auction.

Cedar Falls confirmed on July 3 that it had been hit by a ransomware attack on June 19 and had undergone a limited period of ‘controlled downtime.’ In the update, it said: “It appears at this time that the unauthorized activity was limited. However, our investigation is ongoing.” It also noted that: “We are investigating whether the persons responsible for the event had access to any personal information during the course of the event. If we determine any personal information may have been affected, we will notify any such individuals.”

We do not yet know how BlackSuit infiltrated the City’s systems, what the ransom demand was, or how many people were potentially affected by this breach. Comparitech has contacted the City for more information and will update this article if it responds.

Cedar Falls - BlackSuit

Who is BlackSuit?

BlackSuit first emerged in April 2023. Since then, we have logged 33 confirmed attacks via this group and 60 unconfirmed attacks. It was also responsible for the recent attack on Monroe County, the Kansas City – Kansas Police Department, Montgomery County Board of Developmental Disabilities (MCBDDS), and Jackson County.

BlackSuit is a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data.

Ransomware attacks on US government organizations

US government organizations have been under an increasing number of attacks this year with 45 confirmed incidents to date. Therefore, 2024 looks set to exceed 2023’s total of 77. We have also tracked 14 unconfirmed attacks on US government entities this year so far.

As well as the aforementioned attacks carried out via BlackSuit, some of the more recent incidents have included Clay County, Monroe County, Florida Department of Health, Waupaca County, and the Town of Apex. Yesterday, Dallas County also started issuing data breach notifications to 201,404 people following its ransomware attack in October 2023, which Play claimed.

Ransomware attacks on government organizations aim to cause widespread disruption by encrypting systems. As our recent study found, a ransomware attack on a US government organization caused nearly 16.5 days of downtime on average in 2023. However, as the recent breach notification from Dallas County highlights–these attacks also have the potential to breach vast amounts of data.

More about the City of Cedar Falls

The City of Cedar Falls in Iowa has a population of just over 40,000 people and is located in Black Hawk County. It is also home to the University of Northern Iowa.