Ransomware group BlackSuit today claimed responsibility for an April 2024 cyber attack on Jackson County, Missouri. BlackSuit says it stole employee and financial data, and is demanding a ransom in exchange for not selling data or leaking it to the public.
On April 2, Jackson County announced the attack disrupted several government services, including the Assessment, Collection and Recorder of Deeds offices. Those offices didn’t reopen until April 16, which delayed real estate transactions in the area. The attack also impacted tax payments, marriage licenses, and inmate searches.
In addition to crippling those systems, BlackSuit says it also stole confidential data from Jackson County’s network, including:
- Employee data, including passports, contracts, family details, and medical examinations
- Financial data including audits, reports, payments, and contracts
- Other data from shared and personal folders
BlackSuit posted a proof pack on its leak site containing screenshots of the allegedly stolen data.
Jackson County officials have not confirmed BlackSuit’s claim. We do not yet know how many people’s data is affected, how attackers breached Jackson County’s network, how much the ransom is, or whether Jackson County intends to pay it.
Comparitech contacted Jackson County officials for comment and will update this article if it responds.
Who is BlackSuit?
BlackSuit first emerged in April 2023, and has a history of attacking critical industries like healthcare, government, and education. It’s a private operation and doesn’t employ a ransomware-as-a-service business model. Blacksuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data.
Comparitech has logged eight attacks by BlackSuit so far in 2024, including attacks on Octoapharma Plasma, South St. Paul Public Schools, East Central University, and Group Health Cooperative of South Central Wisconsin. Since it first launched, we’ve recorded 23 BlackSuit attacks in total.
Ransomware attacks on US government organizations
In 2023, 74 US government organizations confirmed ransomware attacks, affecting 309,810 records, according to our data. The average ransom for confirmed attacks was $830,000 in 2023, and the average downtime was 14 days.
So far in 2024, we’ve logged 25 confirmed ransomware attacks on US government organizations.
Ransomware can disrupt crucial government services, such as 911 dispatch centers, sheriff’s offices, city councils, tax payments, and utilities. Often, employees have to resort to pen and paper as systems become unavailable. In some instances, backups may help restore data, but, in many cases, organizations can’t recover or protect data subjects without paying the ransom.
About Jackson County
Jackson County is home to more than 700,000 people, making it the second-most populous county in Missouri. Jackson County cities include Kansas City, Blue Springs, Independence, and Oak Grove.
In the Kansas City area, ransomware gangs have successfully attacked Liberty Hospital and the KC Scout traffic management system (KCATA).