The Play ransomware gang has taken responsibility for a cyberattack on the City of Oakland that has disrupted IT systems since mid-February.
Oakland is a city in California on the east side of the San Francisco Bay Area with a population of about 440,000. The city serves as the area’s principal trade center and economic engine.
The city’s authorities informed the public it had been targeted by a ransomware attack on February 10, 2023. It impacted all network systems except 911 dispatch, fire emergency services, and the city’s financial systems.
On February 14, 2023, the City of Oakland issued a local state of emergency to expedite restoring the impacted systems and bringing all its services back online as soon as possible.
All business taxation obligations received a 45-day extension, as the city couldn’t facilitate online payments. Parking citation services were also impacted, not accepting calls or transactions at cashier booths.
By February 20, 2023, IT specialists helped restore access to public computers, scanning, printing, library services, and wireless internet connectivity throughout the city’s facilities.
However, the city’s non-emergency phone services (OAK311) and the business tax licenses remained unavailable, while the online permit center returned to partial service.
The latest update on the City of Oakland website came on February 28, 2023, two weeks after the ransomware attack, with the service status remaining mainly unchanged.
Play claims responsibility for attack
The Play ransomware gang has now claimed responsibility for the attack on Oakland, listing them as victims on its extortion site on March 1, 2023, as first spotted by security researcher Dominic Alvieri.
The threat actors claim to have stolen documents containing private, confidential data, financial and government papers, identity documents, passports, personal employee data, and even information allegedly proving human rights violations.
These documents were allegedly stolen during the hackers’ intrusion into the City of Oakland’s networks. They are now used as leverage to get the city’s administration to meet their demands and pay the ransom.
The threat actors threatened to publish the above documents tomorrow, so they gave Oakland roughly 72 hours to respond to the extortion.
None of the status updates published on the City of Oakland’s portal mention data exfiltration, so the city’s authorities haven’t yet confirmed that data was stolen.
Play ransomware launched in June 2022 when victims began disclosing attacks in the BleepingComputer forums.
Since then, the ransomware operation has attacked many organizations, including the Belgian city of Antwerp, H-Hotels, Rackspace, Arnold Clark, and A10 Networks.