Hackers Begin Publishing Data Of Oakland City Workers

Whistleblower leak keyboard security breach © CarpathianPrince Shutterstock

After a ransomware attack last month on the city of Oakland in California, hackers have begun leaking stolen data online

Hackers belonging to the Play ransomware gang have begun to leak data from the City of Oakland, California, that was stolen in a recent cyberattack.

Last month the Californian city of Oakland declared a declared a state of emergency to allow the city to expedite orders and equipment procurement, and activate emergency workers following a devastating ransomware attack.

The attack was so severe that Oakland experience a network outage that left several non-emergency systems including phone lines within the City of Oakland impacted or offline.”

Stolen data

Bleeping Computer has now reported that the hackers have begun publishing data that was stolen during the ransomware attack, after Oakland refused to pay the ransom.

The initial data leak reportedly consists of a 10GB multi-part RAR archive allegedly containing confidential documents, employee information, passports, and IDs.

“Private and personal confidential data, financial information. IDs, passports, employee full info, human rights violation information. For now partially published compressed 10gb,” the ransomware criminals were quoted by Bleeping Computer as saying on their data leak site.

The city of Oakland updated its statement on the cyberattack, and said it is monitoring the situation and will notify any individuals whose personal information was exposed.

“While the investigation into the scope of the incident impacting the City of Oakland remains ongoing, we recently became aware that an unauthorised third party has acquired certain files from our network and intends to release the information publicly,” Oakland stated.

“We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorised third party’s claims to investigate their validity,” it added. “If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law.”

Holiday, weekend vulnerabilities

Meanwhile Dr Darren Williams, CEO and founder of cybersecurity specialist Blackfog, warned organisations to be aware of the times of the week when they are especially vulnerable.

Dr Williams said he was unsurprised that the attack took place on such a large scale – an ever-growing problem that cities and countries are facing worldwide.

“As cyber adversaries continue to focus on making the biggest impact by affecting the most people, its unsurprising that the public sector and government remains a compelling target,” said Dr Williams. “In 2022 for example, our State of Ransomware report observed a 17 percent increase in reported governmental cyber-attacks.”

“City councils and governments need to re-prioritise their cybersecurity as clearly, this isn’t an issue that will just go away,” added Dr Williams. “The effect of the attack on the City of Oakland last month appears to only now be setting in, as the stolen personal data of city workers has begun to be leaked by the attackers.”

“Moreover, hackers often favour weekends and holidays to launch attacks, when the majority of employees/IT security teams are out of office, so newer technologies that focus on automated prevention 24/7 must be added to the security stack,” Dr Williams concluded.

Insurance policies

Last month security researchers at Varonis revealed that some ransomware hackers are now seeking to enter negotiations with their victims, rather than opting for the “naming and shaming” extortion approach commonly adopted by other criminals.

Varonis discovered for example that the HardBit ransomware utilises a predefined ransom note contained within the ransomware threat, which apparently encourages the victims to contact them by email or via the Tox instant messaging platform.

And in a sick twist, rather than specifying an amount of bitcoin requested within this ransom note, the criminals seeks to negotiate with victims to reach a settlement.

Varonis said that notably as part of these negotiations, victims with cyber insurance policies are also encouraged to share insurance details with HardBit so that their demands can be adjusted to fall within the policy.