Ransomware Gang Claims Responsibility For The Attack On Oakland
The Play ransomware gang has taken responsibility for a cyber attack on the City of Oakland that has disrupted IT systems since February. Oakland is a city in California on the east side of the San Francisco Bay Area with a population of about 440,000. Now, the Play gang has begun partially publishing data they stole.
The criminals claim that they have taken control of documents containing private and sensitive information, financial and official records, identity documents, passports, individual employee data and other sensitive information.
On March 1, 2023, the city was listed as a victim on the gang’s extortion website, as discovered by security researcher Dominic Alvieri. These documents were stolen during the hackers’ network intrusion. They are now used as a bargaining chip to persuade the city administration to meet their demands and pay the ransom.
The gang is also warning it has more stolen data to dump, to pressure the city to pay up to prevent more confidential information from leaking. “For now partially published compressed 10gb. If there no reaction full dump will be uploaded,” the Play gang wrote.
Previously, Oakland's local government disclosed that it was the target of a ransomware attack on February 10th which disrupted all of its IT networks, except for emergency services.
On February 14, the city declared a state of emergency to expedite the restoration of the impacted systems and all services as soon as possible. Because the city could not accept online payments, all business taxation obligations were given a 45-day extension. Parking violation services were also affected, with cashier booths unable to accept calls or transactions. By February 20, IT specialists had assisted in the restoration of public computers, printing, scanning, wireless Internet connectivity, and library services throughout the city’s facilities, but the city’s non-emergency phone services and business tax licenses remained unavailable.
Play Ransomware, also known as PlayCrypt, is a relatively new ransomware operation that began in June 2022. Previously Play Ransomware has targeted victims across various sectors, including industrial, manufacturing, technology, real estate, transportation, education, healthcare, government and others.
The ransom demands vary depending on the size and importance of the victim organisation. Some victims have reported paying thousands or millions of dollars to get their data back.
Malwarebytes: Bleeping Computer: SecureWorld: PCMag: ABC7: TEISS:
You Might Also Read:
Banning Ransomware Payments - Will It Work?:
__________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible