A ransomware attack on the City of Oakland is now dragging into its sixth day, and the city’s IT department “has taken affected systems offline” to try to minimize the damage.
We’re not sure when a ransomware attack on the City of Oakland started, but NBC Bay Area reports the attack “began Wednesday night,” which is consistent with the city’s own public account that the attacks “began on Wednesday February 8 during the night.” The city is being tight-lipped about what’s being affected, which may be wise, though the way this typically works is that the ransomware attackers encrypt an organization’s files, and then demand some amount of cryptocurrency to un-encrypt them. The city has not disclosed what the attackers are asking for in return.
Our core functions are intact. 911, financial data, and fire and emergency resources are not impacted. The City is following industry best practices and developing a response plan to address the issue.
— City of Oakland (@Oakland) February 10, 2023
As the tweet above from the City of Oakland notes, “Our core functions are intact. 911, financial data, and fire and emergency resources are not impacted.” But KTVU points out that “Oakland City Hall is closed through Tuesday because of the hack,” and a source told the station that “one City Hall insider told KTVU that finance operations are impacted.”
A message on the City of Oakland homepage says, “Several non-emergency systems including voicemail within the City of Oakland are currently impacted or offline.”
With the city not saying much, KTVU spoke to a cybersecurity expert to assess the potential damage here. "Two things that can happen. It could shut down your whole systems, and it can also take all of your data as well," Boston College professor Kevin Powers told the station."If they have all the data backed up, they're gonna wipe the computers clean."
We are actively monitoring the situation and sending updated information as it becomes available.
— City of Oakland (@Oakland) February 10, 2023
KGO spoke to another expert from San Jose State. "Ransomware is on the rise for a simple reason. It's on the rise for a few years because of cryptocurrency availability," said professor Ahmed Banafa. "They go after the government and they went after the schools because they know there's not much spending on the IT department."
"Usually, in a situation of ransom they give something like 5-7 days for organizations to make a decision and get back to them," Banafa told the station. And parenthetically, today would be Day Six.
At least 6 US local governments have been impacted by ransomware already this year, with at least 4 of them having had data stolen. Stats for 2022 in this link. 3/3https://t.co/6pG6DQHABW
— Brett Callow (@BrettCallow) February 10, 2023
According to the cybersecurity form Emsisoft, this is at least the sixth ransomware attack on a local U.S. government in 2023. The City of Modesto is also reportedly dealing with an alleged ransomware attack.
Related: BART Police Files Reportedly Leaked By Hackers, Now On Dark Web [SFist]
Image: City of Oakland