The City of Oakland appears to have opted not to pay any ransom to a hacker group that succeeded in hobbling multiple city systems, and that group is now planning to make good on its threat to release an unknown amount of sensitive data.
Oakland city offices suffered a ransomware attack several weeks ago, and while the city has assured the public that no emergency services were affected, an unknown number of city departments and the city's financial services offices were affected.
The city has been cagey until now about what the hackers might or might not have gained access to, and on Friday the city is still only saying that the hackers "acquired certain files from our network" and that they plan "to release the information publicly."
"We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party’s claims to investigate their validity," city officials said in a posting on the city's website. "If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law."
The release may be imminent, and it seems plausible that this could cause some embarrassment. As Oaklandside reports, the criminal hacker collective known as PLAY has taken credit for the attack, and members have apparently said in online forums that they plan to release "private and personal confidential data, financial, gov and etc. IDs, passports, employee full info, [and] human rights violation information."
It seems like this could extend to personal information of city employees (including the police department), though it's not clear what information they could have obtained about city residents, except maybe property tax details? As Oaklandside previously reported, the ransomware attack impacted the city's voicemail system and business-tax collection, as well as Oakland's public libraries.
Some City of Oakland offices were closed for at least a week last month as a result of the ransomware attack, which began the night of February 8 and encrypted city files and disabled some city systems. Ransomware attackers typically demand a sum of money in cryptocurrency to un-encrypt the files — and this attack on a city government follows similar attacks on the cities of Tulsa and Baltimore in recent years, along with hundreds of others in small and medium-sized cities where computer systems are likely to be old and unsecured.
Simultaneous with Oakland's ransomware attack, the city of Modesto has also been emerging from an attack, and it's not clear if the PLAY group was behind that one as well. As KCRA reported, the City of Modesto said this week that the hackers had accessed and threatened to release personal information belonging to members of the city's police department, and the city said it would be informing all individuals affected.
The Department of Justice announced in January that the FBI had taken down one large ransomware operation known as HIVE, which one expert told Scientific American was "up there with the largest ransomware groups that we’ve got data on."
Photo: Justin Sullivan/Getty Images