BlackSuit ransomware publishes Kansas City, Kansas, police files
The ransomware group BlackSuit this week published hundreds of stolen files from the Kansas City, Kansas, Police Department after it claimed the agency refused to pay its ransom demands.
Brett Callow, a threat analyst at Emsisoft, on Monday posted on X that BlackSuit listed KCKPD on its leak website, where it published files it claims to have obtained from the recent cyberattack.
“Kansas Police said they will not pay a ransom after voluntarily agreeing to have their case files made public. Trust your police,” BlackSuit’s message reads.
Screenshots obtained by StateScoop show that BlackSuit published hundreds of sensitive files, some dating back to 2016. StateScoop’s attempts to verify the nature of the files with the Kansas City Kansas Police Department and the Kansas Office of Information Technology Services went unanswered. The screenshots show folder and file names like “Drone Pics,” “Evidence Room” and “Finance.”
Ransomware actors frequently threaten to publish stolen data in an effort to force their targets to pay their ransom demands. Callow told StateScoop bad actors promise to destroy stolen data in exchange for ransom payment.
“That promise is coming from criminals, and there’s ample evidence that they do not always abide by their promises — why would they — so paying to prevent the release of data makes little sense,” Callow said.
He added that he suspects BlackSuit might be a rebranding of the cybercriminal group Royal/Conti, a developer and distributor of ransomware as a service.
KCKPD is not the only law enforcement agency to have been recently hit by ransomware or to have had data exfiltrated. Medusa, a ransomware group that has been active since June 2021, last month published confidential information from Wichita County Mounted Patrol in Texas. Medusa is known for its quick encryption capabilities. The name, Medusa, is a metaphor for its ability to “turn files to stone.”
According to a Facebook post detailing that exfiltration, Medusa stole 1.53 terabytes of data from the WCMP, including personal data of employees; access to work accounts; email, photo and video archives of evidence and physical evidence; crime scene data; databases of suspects and wanted persons; orientations; characteristics; personal files; reports; financial documentation and employee salary data.
“Valiantly guarding the peaceful sleep of its citizens, Wichita County Mounted Patrol could not save its own database,” Medusa wrote about its cyberattack.
For years, law enforcement agencies have been increasingly sharing data with other agencies within their state and across the country, to improve their chances of identifying suspects and solving crimes. But interconnectivity can be a liability — if one system is exposed, it may also leave other systems vulnerable.
“In some cases, attacks have resulted in prosecutions being dropped. In one case, the criminals even threatened to release details about informants to the gangs on which they were informing,” Callow said.
