Cyber Incident Victim: Town of Frederick

On July 7, 2022, the LockBit ransomware group listed the Town of Frederick, Colorado—a municipality of approximately 15,000 residents—on its victim leak site, claiming responsibility for an attack. The Frederick Police Department initiated an investigation into these claims in coordination with the town’s Information Technology team. A town spokesperson confirmed receiving notification of a potential ransomware incident but stated no evidence of intrusion into the town’s secure network had been identified at that stage. The Colorado Division of Homeland Security and Emergency Management provided support through its Colorado Information Analysis Center, which operates within the state’s cybersecurity division. The governor’s office did not publicly comment on the incident. LockBit, a ransomware-as-a-service operation active since 2019, had recently surpassed the Conti group to become the most prolific ransomware entity based on publicly claimed victims.

LockBit’s attack on Frederick occurred amid a surge in activity by the group, which claimed over 50 victims in June 2022 alone, bringing its cumulative total to 903 confirmed incidents according to data aggregated by Recorded Future. The group had recently rebranded and targeted entities including La Poste Mobile in France, a Foxconn factory, a Canadian fighter jet training company, and a German library service. While ransomware attacks on U.S. local governments showed a slight decline in mid-2022 compared to 2021—when 77 municipalities reported incidents—Frederick’s case aligned with several high-impact attacks during this period, including incidents affecting Alexandria, Louisiana; Somerset County, New Jersey; and school districts in Indiana and California. The investigation in Frederick remained ongoing, with authorities focused on validating LockBit’s claims and assessing potential network compromises. No operational disruptions or confirmed data breaches were disclosed by the town at the time of initial reporting.