Cyber Incident Victim: City of Lakewood
Date:
Feb 2023
Location:
United States of America
Summary
The City of Lakewood in Washington faced a ransomware attack by the BlackCat (ALPHV) gang, which claimed to have stolen over 250GB of municipal data and published it on their leak site. The group urged affected third parties to sue the municipality, alleging unaddressed security vulnerabilities and inadequate protection of systems. With a population exceeding 63,000 residents in Pierce County, the city council was publicly pressured by attackers who criticized their negotiation stance and cybersecurity posture. The incident exposed sensitive documents while threatening potential cascading legal and operational impacts due to the leaked data's broad accessibility.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The BlackCat ransomware gang (ALPHV) publicly listed the City of Lakewood, Washington, on its data leak site on or around February 22, 2023. The group claimed to have breached the Lakewood City Council and exfiltrated over 250 gigabytes of data, which they made available via a downloadable link. BlackCat stated the attack stemmed from the City Council's refusal to negotiate ransom terms and asserted that municipal systems remained unsecured with vulnerabilities unresolved. They explicitly encouraged third-party organizations likely affected by the data exposure to initiate lawsuits against Lakewood, citing negligence in cybersecurity practices. The gang alleged the city's infrastructure lacked sufficient protection and warned companies against collaborating with the municipality. Cybernews reported the listing but did not independently verify the authenticity or contents of the leaked files. They contacted Lakewood City Council for comment but received no immediate public response or confirmation regarding the breach or the city’s awareness of the incident.
BlackCat’s leak site post framed the incident as retaliatory while amplifying pressure on Lakewood through threats of legal and reputational repercussions for affiliated entities. The gang’s public statements characterized the municipality as an unreliable partner due to unresolved security flaws. No details were disclosed about specific compromised systems, operational disruptions, or the precise nature of the stolen documents. At the time of reporting, municipal services, financial impacts, or resident data exposure remained unconfirmed. BlackCat’s involvement aligned with their broader 2022–2023 campaign targeting US entities, including a Pennsylvania healthcare provider that publicly refused ransom demands and the Five Guys fast-food chain in late 2022. The group, active since 2021 and known for using Rust-based ransomware, accounted for approximately 12% of global ransomware attacks in 2022 according to cybersecurity analysts. The City of Lakewood, serving a population exceeding 63,000 in Pierce County, did not release an official statement corroborating or refuting BlackCat’s claims as reported in the initial disclosure period.