In February, the City of Oakland, CA experienced a high-profile ransomware attack that forced them to take several systems offline and declare a local state of emergency.
The City of Oakland was targeted by the PLAY ransomware gang and the attackers were able to steal sensitive data from the city’s systems which included personal information of city employees (birthdates, addresses, social security numbers, etc.) as well as financial records.
In addition, highly confidential records including Internal Affairs investigations of the Oakland Police Department and civilian city employees, as well as records revealing city whistleblowers' identities, were also part of the breach. This type of data takes the risk a step beyond identity theft and can very well put people in physical danger.
This week, the hackers made good on their ultimatum and released nearly 10 Gigabytes of data on their website, which has attracted more than 1,100 visitors as of this article.
Initial reports stated this data was mostly financial and personal information that is used for identity theft, as opposed to the confidential law enforcement and whistleblower records, but that may be intentional: the hackers are possibly saving the more dangerous data for the next wave to be released.
The PLAY ransomware gang has signaled this is the first of many data leaks until their demands are met. What specifically these demands are has not been confirmed, but there are reports that the ransomware gang is demanding up to $9 million for the files.
Ransomware attacks have become increasingly common in the government sector in recent years, due to the large-scale impact an attack can have on an entire city or municipality. In fact, 12% of all ransomware attacks in 2022 were on municipalities, according to an industry survey, and that is only 12% of the reported ransomware attacks, a number much lower than the actual total.
The City of Oakland has confirmed they are working with law enforcement, including the FBI, and with a third-party organization to restore any impacted systems. They are also providing resources for those who suspect, or may know, that their information was part of the attack (or leak) including credit monitoring and freezes.
For more information on the City of Oakland attack, mitigation or victim resources, please visit www.oaklandca.gov/news/2023/city-of-oakland-targeted-by-ransomware-attack-core-services-not-affected.
How To Avoid Ransomware Attacks
Ransomware attacks are only increasing across all industries. This is why it is more important than ever to take preventative steps to safeguard your organization, people, and data, including:
- Keeping IT systems up to date with the latest patches and anti-virus software
- Protecting data with strong password policies and backup schedules
- Localizing and enforcing a strong data retention policy
- Training employees through Security Awareness training to recognize, avoid, and report potential phishing or malware attacks
- Developing a thorough Incident Response Plan, along with a Business Continuity Plan and Disaster Recovery Plan
Preventative measures such as an IT Risk Assessment and Third-Party Risk Management can also assist in identifying high-risk areas where ransomware attacks are more likely to occur.
With these controls in place, organizations can better minimize and mitigate the damage and ensure an expedited recovery effort. It’s paramount to implement these controls early to minimize the potential risks.
A proactive approach to addressing cybersecurity risks can be the difference between identifying and preventing a malicious event such as a ransomware attack.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.