
Cyber Incident Victim: City of Wichita

Date: May 2024

Location: United States of America

Summary

The City of Wichita experienced a cybersecurity incident involving malware that encrypted certain municipal systems, leading to a proactive shutdown of its computer network to prevent further spread and causing temporary disruptions to online services. Technical difficulties impacted airport WiFi and flight information displays, while the municipality activated business continuity measures and engaged third-party specialists to securely restore operations. Officials are assessing potential data impacts but have not disclosed the responsible group due to operational security concerns, urging residents to monitor official updates during the ongoing review process.


Description

On May 5, 2024, the City of Wichita, Kansas, publicly disclosed a cybersecurity incident involving malware that encrypted certain municipal computer systems. The attack occurred on Sunday, prompting immediate containment measures including the shutdown of the city’s entire computer network to prevent further propagation of the malware. This action resulted in temporary unavailability of unspecified online city services, though officials activated business continuity protocols where feasible to minimize operational disruptions. The City’s press release emphasized the deliberate nature of the network disconnection, stating it was necessary to securely vet systems before restoration. Concurrently, Wichita Dwight D. Eisenhower National Airport reported technical difficulties affecting its WiFi and real-time flight arrival/departure displays at 3 p.m. local time, though no direct attribution to the broader city incident was confirmed.


The City engaged third-party cybersecurity specialists to assist in forensic analysis and network restoration efforts, while declining to identify the threat actor group claiming responsibility for operational security reasons. Officials initiated a comprehensive review to assess potential data compromise, acknowledging the time-intensive nature of such investigations in their public communications. Residents were directed to a dedicated city webpage for incident updates and FAQs, with authorities emphasizing patience and restraint during the ongoing assessment. No further technical specifics regarding affected systems, data exposure risks, or malware variants were disclosed as of the initial announcement. Service disruptions remained unresolved at the time of reporting, with recovery timelines contingent upon completion of security validations.
