A ransomware group has escalated its threats against the city of Oakland, California, announcing that it plans to publish stolen data as early as Saturday. This revelation comes as city officials deal with the fallout from a significant cyberattack that disrupted government operations and essential services last month.
The group, known as Play, shared its intentions publicly on Thursday, claiming the stolen data encompasses a broad spectrum of sensitive information. "Private and personal confidential data, financial, gov, etc. IDs, passports, employee full info, human rights violation information," reads a statement posted on the group’s leak site.
Oakland officials first detected the network disruption on February 8, prompting the shutdown of numerous internal and external systems. As a result, various city departments temporarily suspended services, including public information applications and permit processing. The incident is under investigation by both state and federal law enforcement agencies, and the city has engaged private firms to assist with the investigation and recovery.

Impact and Legacy
As part of the recovery process, some city functions impacted by the ransomware attack have been restored, including the 311 hotline and certain permit applications. However, services such as online business tax filings and parking ticket payments remain non-operational. In a statement released Friday, city officials acknowledged the new threat from Play. "While the investigation into the scope of the incident impacting the City of Oakland remains ongoing, we recently became aware that an unauthorized third party has acquired certain files from our network and intends to release the information publicly," they noted. "If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law."
With a population of approximately 435,000 residents, Oakland declared a state of emergency on February 16 in response to the ransomware incident. The severity of the attack has raised concerns among officials and residents alike regarding the security and integrity of personal information.
Play, which first gained notoriety in June of the previous year, is characterized by its straightforward ransom demands, which typically consist of simple, one-word notes bearing its name. Analysts have drawn parallels between Play and the now-defunct Hive ransomware group, suggesting that Play affiliates exhibit similar operational tactics. "Play affiliates behave similarly to malicious actors who had been involved with Hive," indicated an analysis from the IT security firm Trend Micro.
One notable tactic employed by both ransomware groups has been the exploitation of vulnerabilities in VPN services provided by Fortinet, a strategy that has proven effective in their attacks.

By the Numbers
The frequency and boldness with which ransomware actors publish stolen data have escalated in recent months. For context, in a significant breach last fall, individuals associated with the Vice Society malware leaked around 500 gigabytes of confidential information taken from the Los Angeles Unified School District. This data dump included sensitive employee files and students' mental health records, raising ethical and legal questions surrounding data privacy.
Play has not given specific details about the amount of data it intends to release, which has added to the city's anxiety. As investigations continue, city leaders are being called on to enhance cybersecurity measures and to assure residents that steps are being taken to safeguard their information.
Impact and Legacy
The impact of the ransomware attack on Oakland not only disrupts local governance but also highlights the urgent need for robust cybersecurity strategies to protect against sophisticated threats. Moving forward, city officials, cybersecurity professionals, and residents alike must remain vigilant as they confront the evolving landscape of cybercrime.

