The city of Wichita, Kansas, announced that it was targeted by a ransomware attack in early May. This attack forced the city to shut down parts of the network, as ransomware was encrypted within its IT systems. 

Security leaders weigh in 

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4:

“Lot of people not enjoying Cinco de Mayo this weekend! It's key to find out how the ransomware first obtained initial access to the environment. Was it social engineering, unpatched software or firmware, or something else? If they can't identify how the ransomware first got initial access it's going to be a lot harder to prevent it from happening again.”

Malachi Walker, Security Advisor at DomainTools:

“The transparency displayed by the City of Wichita in disclosing the ransomware attack is incredibly important so that those impacted can be on alert and make necessary responses. It is also a good sign that they are working with law enforcement, taking any impact on data seriously, and hopefully, that means that they have necessary backups in place to reduce the urgency in the demands of those behind this attack.

“In most cases of ransomware, not only has some of the most sensitive data been accessed, but it has also been exfiltrated. From there, threat actors can threaten to share this information with others on the dark web or permanently restrict the victim's access to this sensitive data. Understanding the high consequences of ransomware, organizations and individuals are advised to regularly back up their data on an external drive that is secured and offline. The actions seen from the City of Wichita so sets an example of how to respond to suffering a ransomware attack.”