The LockBit ransomware group is threatening to leak files stolen from the City of Oakland’s systems.
However, the gang has yet to provide any proof of having stolen any files from the city’s network. On the new entry added to the LockBit dark web data leak website, they only warn that all the data they have will be published in 19 days, on April 10. The City of Oakland has not yet commented on the claims made by the LockBit ransomware group.
This is the second ransomware gang to claim to have stolen data from the City of Oakland after the Play ransomware group claimed responsibility for a mid-February cyberattack.
The Play gang later leaked what it claimed to be the City of Oakland’s stolen data.
Impacted employees were told that some of their personal information was stolen from the City’s compromised systems, including names, addresses, driver’s license numbers, and Social Security numbers.
The City of Oakland has declared a local state of emergency because of the impact of the ransomware attack that forced it to take all its IT systems offline on February 8 until the network was secured.
While this ransomware attack did not impact the City’s 911 and emergency services, other systems had to be taken offline, including phone service and systems used to process reports, collect payments, and issue permits and licenses.
The City is still working on restoring affected systems, and the FBI is helping with the ongoing investigation into the incident.
Oakland Mayor Sheng Thao said in a press conference that the City is optimistic that all its systems would be online again in the next few weeks or maybe the next month.
The incident shows that the City of Oakland wouldn’t be the first ransomware victim breached multiple times within days or weeks, as an automotive supplier had its systems encrypted by three different ransomware gangs within two weeks, two of the attacks happening within just two hours.
