{
	"id": "273530c5-839c-4236-b41c-e76fbd915593",
	"created_at": "2026-04-06T00:08:31.449403Z",
	"updated_at": "2026-04-10T03:20:35.567475Z",
	"deleted_at": null,
	"sha1_hash": "c152a22f6d5684da14fd531676faa57194441b33",
	"title": "LockBit ransomware used in attack on Ohio town’s court, police department and more",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 150371,
	"plain_text": "LockBit ransomware used in attack on Ohio town’s court, police\r\ndepartment and more\r\nBy Jonathan Greig\r\nPublished: 2023-02-02 · Archived: 2026-04-05 14:16:02 UTC\r\nThe city of Mount Vernon, Ohio said its police department, municipal court and other government offices were\r\naffected by a ransomware attack that started on December 19.\r\nOn Tuesday, the city’s government released a statement saying officials were made aware of an incident that\r\nbegan at 3 a.m. the morning of the 19th. \r\n“The breach occurred through a remote access tool utilized by the City’s information technology (IT) provider,\r\nwhich also affected other clients of that provider,” city officials said.  \r\n“The intruder installed ransomware known as LockBit, requesting a ransom for access to certain files. The\r\nimpacted departments in the City were Mount Vernon Municipal Court, the Police Department, Auditor’s office\r\nand Public Works.” \r\nCity experts and their IT provider, Dynamic Networks, have spent the last week working to restore all of the\r\nsystems affected using backups. Vulnerable software has been removed from all of their systems, according to the\r\nstatement. \r\nThe statement claims no documents with personal identifiable information were “removed, or accessed, from City\r\nsystems” but officials did not respond to questions about how that could be possible considering the ransomware\r\ngang gained access to both court and police systems. \r\nThe city, which has about 17,000 residents, said it is also working with its insurance provider so they can have an\r\nindependent evaluator determine whether personal information was stolen.  \r\nCity officials did not respond to requests for comment about whether state or federal officials have been notified\r\nabout the incident. \r\nJay Carey, a representative for the Ohio Department of Public Safety and the Ohio governor’s office, told The\r\nRecord that the city and county have not asked for assistance from state officials. \r\nLocal news outlets said the auditor's office as well as departments handling public works and cemeteries were\r\naffected by the attack.\r\nPolice officials in the city had to move to the Knox County Sheriff's Office to continue some work.\r\nhttps://therecord.media/lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more/\r\nPage 1 of 4\n\nRansomware groups have made a point of going after poorly-resourced local governments across the United\r\nStates in 2022, targeting small governments in New Jersey, Colorado, Oregon, New York and several other\r\nstates.  \r\n\"This is part of a continuing trend of attacks against local, state and national governments,\" said Recorded Future\r\nransomware expert Allan Liska.\r\n\"Recorded Future has noted 175 publicly reported attacks this year against governments, down from 2021 (196)\r\nbut still a big problem.\"\r\nThe LockBit ransomware gang has quickly become the most prolific ransomware gang operating in 2022,\r\nlaunching hundreds of attacks this year on government agencies, companies and organizations around the world.\r\nThe Justice Department said the group gained prominence in January 2020 and “has become one of the most\r\nactive and destructive ransomware variants in the world.”\r\n“Since first appearing, LockBit has been deployed against at least as many as 1,000 victims in the United States\r\nand around the world. LockBit members have made at least $100 million in ransom demands and have extracted\r\ntens of millions of dollars in actual ransom payments from their victims,” the Justice Department said in\r\nNovember after charging a dual Russian and Canadian national for his alleged participation in the group’s attacks. \r\nLockBit was linked to 82 attacks in August, bringing its total number of victims to 1,111, according to data\r\ncollected by Recorded Future from extortion sites, government agencies, news reports, hacking forums, and other\r\nsources.\r\nFrench police said the group was behind a crippling attack on a hospital about an hour south-east of Paris last\r\nmonth, which disrupted its medical imaging, patient admissions, and other services. About one-third of\r\nransomware attacks targeting industrial systems in the second quarter were attributed to LockBit, according to\r\ncybersecurity firm Dragos.\r\nhttps://therecord.media/lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more/\r\nPage 2 of 4\n\nThe group has seen a spike in activity since June, when it launched a new version — what it calls “LockBit 3.0”\r\n— that allegedly included technical improvements and a bug bounty program that offered rewards for ways to\r\nimprove the ransomware operation.\r\nA chart tracking ransomware attacks as of December 2022.\r\nResearchers have linked more than 1,029 attacks to LockBit since the group began its operation. The group was\r\nconsidered a marginal player until last year when it launched LockBit 2.0, a new version of its ransomware-as-a-service platform.\r\nAbout one-third of ransomware attacks targeting industrial systems in the second quarter were attributed to\r\nLockBit, according to cybersecurity firm Dragos.\r\nSome experts noted that the marked increase in LockBit incidents may also be due to the fact a toolkit to create\r\nDIY versions of the LockBit ransomware leaked in September. Several experts and researchers confirmed to The\r\nRecord that the builder works and allows anyone to create their own ransomware based on the LockBit model.\r\nhttps://therecord.media/lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more/\r\nPage 3 of 4\n\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more/\r\nhttps://therecord.media/lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more/"
	],
	"report_names": [
		"lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more"
	],
	"threat_actors": [],
	"ts_created_at": 1775434111,
	"ts_updated_at": 1775791235,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c152a22f6d5684da14fd531676faa57194441b33.pdf",
		"text": "https://archive.orkl.eu/c152a22f6d5684da14fd531676faa57194441b33.txt",
		"img": "https://archive.orkl.eu/c152a22f6d5684da14fd531676faa57194441b33.jpg"
	}
}