The Play ransomware gang has taken responsibility for a cyberattack on the city of Oakland that has disrupted computer systems since mid-February.
Oakland is a city in California located east of the San Francisco Bay with a population of approximately 440,000. The city is the main center of traceability and the economic engine of the region.
City authorities informed the public that she had been the target of a ransomware attack on February 10, 2023. This impacted all network systems except for 911 dispatch, fire emergency services, and city financial systems.
On February 14, 2023, the city of Oakland declared a local state of emergency to expedite the restoration of impacted systems and bring all of its services back online as soon as possible.
All business tax obligations received a 45-day extension because the city could not facilitate online payments. Parking citation services were also affected, not accepting calls or transactions at checkout booths.
On February 20, 2023, IT specialists helped restore access to public computers, scanning, printing, library services, and wireless internet connectivity to all city facilities.
However, the city’s non-emergency telephone services (OAK311) and business tax licenses remained unavailable, while the online permit center resumed partial service.
The latest update on the City of Oakland website occurred on February 28, 2023, two weeks after the ransomware attack, with the state of the service remaining essentially unchanged.
The game claims responsibility for the attack
The Play ransomware gang has now claimed responsibility for the attack on Oakland, listing them as victims on its extortion site on March 1, 2023, as first spotted by a security researcher Dominique Alvieri.
Threat actors claim to have stolen documents containing private and confidential data, financial and government documents, identity documents, passports, personal data of employees and even information proving human rights violations. male.
These documents were allegedly stolen during the hackers’ intrusion into the networks of the city of Oakland. They are now being used as leverage to get the city administration to comply with their demands and pay the ransom.
The threat actors threatened to release the above documents tomorrow, so they gave Oakland approximately 72 hours to respond to the extortion.
None of the status updates posted on the Oakland City Portal mention data exfiltration, so city officials have yet to confirm that any data was stolen.
Play ransomware was launched in June 2022 when victims started disclosing attacks in the IT Forums.
Since then, the ransomware operation has attacked numerous organizations, including Belgium city of Antwerp, H-Hotels, rack space, Arnold ClarkAnd A10 networks.