City of Oakland suffers from a ransomware attack

City of Oakland becomes a ransomware attack victim

A known ransomware group takes credit for the attack

Since February 10, 2023, the city of Oakland, California, has been the target of a ransomware attack that has disrupted most of its IT systems. The Play ransomware gang claimed responsibility for the attack on March 1, 2023,[1] and listed Oakland as a victim on its extortion website.

The attackers claimed to have stolen confidential data, financial and government documents, identity documents, passports, personal employee data, and even information allegedly proving human rights violations. The Play ransomware gang is now leveraging these documents to force the city administration to meet their demands and pay the ransom.

Impact on city services

On February 14, 2023, the City of Oakland declared a local state of emergency[2] in order to expedite the restoration of its IT systems and services. Except for 911 dispatch, fire emergency services, and the city's financial systems, the attack affected all network systems. As a result, business taxation obligations were given a 45-day extension, and parking citation services were unavailable, with cashier booths not accepting calls or transactions.

IT specialists had restored access to public computers, scanning, printing, library services, and wireless internet connectivity throughout the city's facilities by February 20, 2023. However, the city's non-emergency phone services (OAK311) and business tax licenses remained inaccessible, while the online permit center reopened in part. As of February 28, 2023, the City of Oakland's website had received no new updates, and the service status remained largely unchanged.

Play Ransomware gang claims responsibility for the cyberattack

The Play ransomware gang first began attacking organizations in June 2022, and its victims have included the Belgian city of Antwerp, H-Hotels, Rackspace, Arnold Clark, and A10 Networks. The gang claimed responsibility for the attack on the City of Oakland on March 1, 2023, and posted a ransom note on its extortion site.

The attackers demanded a ransom and threatened to publish the sensitive documents they allegedly stole while breaking into the city's networks. The threat actors gave Oakland 72 hours to respond to the extortion attempt. However, none of the status updates published on the City of Oakland's portal mentioned data exfiltration, and city officials did not confirm that data had been stolen.

Authorities confirm data may have been stolen

On March 4, 2023, the City of Oakland published an update on its status page,[3] stating that it had recently learned that data from its networks had been stolen. The authorities also stated that the investigation into the scope of the incident is ongoing and that if they determine that any individual's personal information is involved, they will notify individuals in accordance with applicable law.

The City of Oakland's recent announcement regarding the data breach has caused concern among its residents, as the theft of personal and confidential data can have serious implications for individuals. This news has heightened fears of identity theft, financial fraud, and other malicious activities that can be carried out with stolen personal data.

The fact that authorities were initially unaware of the data theft has also cast doubt on the effectiveness of Oakland's cybersecurity measures. It's unclear how the Play ransomware gang got into the city's networks and stole sensitive data without being detected. The potential release of sensitive information raises concerns about the City of Oakland's reputation and residents' trust in their local government. If the data is made public, the city may face legal action and significant financial costs.

This incident demonstrates the growing threat of ransomware attacks and data breaches, as cybercriminals continue to target organizations of all sizes and industries. The Play ransomware gang is just one of many groups responsible for these attacks, which are frequently successful due to the use of sophisticated tactics and techniques. As a result, organizations must invest in strong cybersecurity measures to protect their networks and sensitive data from cyber threats.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst and the founder and owner of 2-Spyware. He currently serves as Editor-in-chief.
