NewsLocal News


Cyber threat analyst says ransomware gang named Jackson County hack in dark web post

cyber expert.png
Posted at 4:17 PM, May 14, 2024
and last updated 2024-05-14 18:19:49-04

KANSAS CITY, Mo. — A ransomware gang mentioned Jackson County in a post on the dark web over the weekend, according to cyber threat analyst Brett Callow.

Callow, who works for Emsisoft, alerted KSHB 41 to the posting, which he shared to his X account.

“All of the ransomware gangs have sites on the dark web where they name their victims, or at least the victims who don't pay them and release the data,” Callow said.

RELATED | KCMO computer system issues impact water bill payments, permit issuances

He noted the group, Black Suit, is believed to be a rebranding of a group that recently impacted the city of Dallas.

Last month, Jackson County confirmed the ransomware attack but said taxpayers’ private information was not collected. A county spokesperson reiterated there’s no indication taxpayer, personal and sensitive financial information was compromised.

Black Suit’s posting this weekend claimed the opposite.

The group claimed it has access to employee data and financial data. Callow explained a bar at the bottom of the group’s post indicated it has only released a fraction of the information.

“They don't want to release the data,” Callow said. “They want money. And when they release the data, they lose a little bit of leverage each time. And when they've released all the data, they have no more leverage.”

Cybersecurity firm Sophos releases a "State of Ransomware" report each year. The most recent report showed attacks on local governments are trending downward.

Among the possible reasons given, the report cited the sector’s "limited ability" to pay ransoms.

Callow pointed out there’s enough money for these ransomware groups to still attack some local governments. He said there's a lack of transparency about the issue, too.

“This creates a problem, and we don't really even know which way ransomware is trending,” he said. "We just don't know because there's so much secrecy surrounding us.

The analyst said one of the best preventative measures is tracking payments within the blockchain.

"They can be seen, and we know that last year was a record year for the bad guys; more than $1 billion in ransoms was paid, " Callow said.

From a consumer perspective, Callow noted that most of these ransomware gangs do not typically use stolen data to commit identity fraud. He said they are usually more interested in collecting the ransom.

Still, there is some risk.

If you are concerned about identity theft, this link is a resource from the FTC.