The Play ransomware gang has taken duty for a cyberattack on the Metropolis of Oakland that has disrupted IT techniques since mid-February.
Oakland is a metropolis in California on the east facet of the San Francisco Bay Space with a inhabitants of about 440,000. The town serves because the area’s major hint middle and financial engine.
The town’s authorities knowledgeable the general public it had been focused by a ransomware attack on February 10, 2023. It impacted all community techniques besides 911 dispatch, hearth emergency companies, and the town’s monetary techniques.
On February 14, 2023, the Metropolis of Oakland issued a local state of emergency to expedite restoring the impacted techniques and bringing all its companies again on-line as quickly as potential.
All enterprise taxation obligations obtained a 45-day extension, as the town couldn’t facilitate on-line funds. Parking quotation companies had been additionally impacted, not accepting calls or transactions at cashier cubicles.
By February 20, 2023, IT specialists helped restore entry to public computer systems, scanning, printing, library companies, and wi-fi web connectivity all through the town’s services.
Nonetheless, the town’s non-emergency telephone companies (OAK311) and the enterprise tax licenses remained unavailable, whereas the web allow middle returned to partial service.
The most recent replace on the City of Oakland website got here on February 28, 2023, two weeks after the ransomware assault, with the service standing remaining primarily unchanged.
Play claims duty for assault
The Play ransomware gang has now claimed duty for the assault on Oakland, itemizing them as victims on its extortion website on March 1, 2023, as first noticed by safety researcher Dominic Alvieri.
The risk actors declare to have stolen paperwork containing personal, confidential information, monetary and authorities papers, identification paperwork, passports, private worker information, and even data allegedly proving human rights violations.
These paperwork had been allegedly stolen through the hackers’ intrusion into the Metropolis of Oakland’s networks. They’re now used as leverage to get the town’s administration to satisfy their calls for and pay the ransom.
The risk actors threatened to publish the above paperwork tomorrow, in order that they gave Oakland roughly 72 hours to answer the extortion.
Not one of the standing updates revealed on the Metropolis of Oakland’s portal point out information exfiltration, so the town’s authorities haven’t but confirmed that information was stolen.
Play ransomware launched in June 2022 when victims started disclosing assaults within the BleepingComputer forums.