The notorious Play ransomware gang recently claimed responsibility for a cyberattack against the City of Oakland in California. Unless its ransom demand was answered with an appropriate payment, the gang threatened to disclose private files on its dedicated leak site.


Claiming ownership of an attack

The first indication that the Play ransomware gang was behind the Oakland attack came on March 1, when Dominic Alvieri, a leading cybersecurity researcher, spotted the city listed as a victim on the threat operator’s dedicated extortion site.

The malicious operators claimed to have exfiltrated documents containing confidential and private data, government and financial papers, passports, identity documents, personal information on employees, and even data that allegedly proved human rights violations.

All the sensitive documents were allegedly stolen during the attackers’ recent intrusion into the computer networks used by the City of Oakland. The data is now being employed to exert pressure on the city’s administrators to meet their ultimatum and pay the requested ransom.

Stolen data leaked

The Play ransomware gang has now started to leak data stolen from the City of Oakland during the recent attack.

The first round of leaked data consists of a 10 gigabyte multi-part RAR archive that allegedly contains confidential documents, as well as employee information, IDs and passports.

The City of Oakland’s administration countered by issuing an updated statement. The City stated that its teams are monitoring the present situation and will inform any data subjects whose personal information was compromised in the attack. The statement explained further:

“While the investigation into the scope of the incident impacting the City of Oakland remains ongoing, we recently became aware that an unauthorised third party has acquired certain files from our network and intends to release the information publicly. We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorised third party’s claims to investigate their validity. If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law.”

The Play ransomware gang’s attack against the city took place on February 8. Until the city’s network could be secured, all IT systems were immediately taken offline. While the ransomware attack did not affect emergency and 911 services, many systems were inoperable, including the city’s phone service and the systems it uses to collect payments, issue licences and permits, and process reports.

To cope with the disruptive situation, it was necessary for Oakland to declare a local state of emergency. This allowed it to expedite orders, equipment and materials procurement, and access emergency workers as required.

City administration represents an ideal target for ransomware operators like the Play gang, which thrive on causing chaos and disruption. Local authorities are charged with providing multiple services that support their area. When these services are interrupted by extreme technical issues caused by ransomware attacks, the result can be a wide range of issues and even harm to members of the public. Ransomware operators use this threat as leverage to force their victims to give in to their demands.

Put your data in safe hands

Ransomware is a nasty method of terrorising organisations while trying to exploit them. The best way to counter this method of attack is to encrypt data and make backups of it. Encrypting data means that only the designated recipients can decrypt and access it, so threat operators can’t leak it and cause your organisation a huge data breach. Backups mean that even if threat operators take hold of this encrypted data (pretty useless to anyone but you), you will still have recent versions to access and get back on track with.

Luckily, we at Galaxkey have created a state-of-the-art and easy-to-use platform that allows your organisation to encrypt data, in transit and at rest, with just a couple of clicks. Get a demonstration today to see how we can help you.