Defiance City Hit by Cyber Extortion: Knight Ransomware Group Strikes

The City of Defiance has fallen victim to a cyberattack orchestrated by the notorious Knight ransomware group. The City of Defiance data breach was first brought to light on December 13, 2023, when Knight officially listed the City of Defiance as their latest target.

The threat actor, known as Knight, revealed their malicious intent on the dark web, declaring, “DEFIANCE, a great place to live.” The dark web post indicated that the attackers had successfully breached the city’s internal network, gaining access to over 390 gigabytes of sensitive data. 

Among the compromised files were employee records, law enforcement videos, emails, and various confidential documents, including contracts.

City of Defiance Data Breach Decoded

Defiance, Ohio, the city in the crosshairs of this alleged cyber attack, is situated about 55 miles southwest of Toledo and 47 miles northeast of Fort Wayne, Indiana.

With a population of 17,066 as per the 2020 census, the city now faces the fallout of a cyber incident that has put its residents and infrastructure at risk.


The ominous disclosure included a countdown on the dark web, with a promise to reveal download links at the end of the ticking clock. The City of Defiance’s contact information, including its address and phone number, was also disclosed, adding an unsettling dimension to the cyber threat.

The Cyber Express, eager to shed light on the situation, reached out to the City of Defiance for an official statement or response. As of the time of writing, no communication or acknowledgment has been received from the affected city.

Who is the Knight Ransomware Group?

Knight ransomware group, a relatively recent entrant into the cybercrime arena since August 2023, follows the disturbing trend of employing double extortion tactics.

This modus operandi involves encrypting files on victims’ machines and exfiltrating sensitive data for extortion purposes.

Interestingly, Knight’s predecessor, Cyclops, was equipped with multi-OS tools for Windows, Linux, and Mac OS. While the investigation has currently identified a Windows version of the Knight ransomware, there is a looming concern that other versions tailored for different operating systems may be in development.

Notably, Knight has been previously implicated in phishing campaigns targeting Italian organizations. These campaigns leverage malicious email attachments, a tactic reminiscent of an advisory issued by CERT Italy in early September.

Security researcher @felixw3000 had also reported similar activities in August. Furthermore, the delivery of Knight ransomware is often facilitated by the notorious Remcos and Qakbot malware.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.