Over the weekend, the cybercriminals behind the Play ransomware published data allegedly stolen from the City of Oakland last month. The cyberattack started on February 8 and was discovered two days later, when the city announced that it had taken systems offline to contain the incident. To speed up the restoration efforts, the city declared a local state of emergency one week later.
On March 1, the Play ransomware operators created a listing on their leak website, claiming to be in the possession of large amounts of data stolen from the city. Oakland confirmed two days later that the attackers had exfiltrated data from its network and had made threats to release it. On March 4, the Play ransomware operators made public a 10GB archive file that allegedly contains data stolen from the City of Oakland during the intrusion. The leaked data includes personal information, financial information, identity documents, passports, employee information, and human rights violation information.
The City of Oakland has stated that they are working with third-party specialists and law enforcement to investigate the validity of the unauthorized third party’s claims and that they will notify any individuals whose personal information is involved in accordance with applicable law. It is unclear if the city made a payment to the attackers, but it is clear that they have not, as the Play ransomware operators have still released the data.
The Play ransomware is one of the most active file-encrypting malware families and has been used in recent attacks on Rackspace and A10 Networks.
In summary, the City of Oakland was the target of a cyberattack by the Play ransomware on February 8 which led to the exfiltration of large amounts of data including personal and financial information. The attackers have made threats to release the stolen data and have recently made public a 10GB archive file containing the stolen data. The City of Oakland is working with third-party specialists and law enforcement to investigate the validity of the unauthorized third party’s claims and to notify any individuals whose personal information is involved. The Play ransomware has also been used in recent attacks on Rackspace and A10 Networks.
Key Points:
1. City of Oakland was the target of a cyberattack by the Play ransomware on February 8
2. Attackers have made threats to release the stolen data and have recently made public a 10GB archive file containing the stolen data
3. City of Oakland is working with third-party specialists and law enforcement to investigate the validity of the unauthorized third party’s claims
4. Play ransomware has also been used in recent attacks on Rackspace and A10 Networks
5. Stolen data includes personal information, financial information, identity documents, passports, employee information, and human rights violation information