The city of Oakland in California has been posted to LockBit’s dark web victim blog following a ransomware attack last month that resulted in the leaking of information from its network. The gang has given Oakland’s city council till April 10 to start negotiations otherwise more information will from the city will be leaked
Though the city services website remains online, it is displaying a notice warning of a “network outage” that has affected “key services” such as the tax office and some non-emergency phone lines.
Second Oakland ransomware attack in weeks
The alleged attack comes just weeks after the Oakland’s city council revealed it suffered an attack in February at the hands of the Play ransomware gang.
“We are aware that an unauthorized party has released some of the information acquired from our network,” a council statement said.
“The findings to date indicate that an unauthorised actor accessed computer systems where certain individuals’ personal information was stored as part of their employment with the city,” the statement continued, describing the breach as a “ransomware incident”.
This information may have been used by LockBit to launch today’s attack. Cybercriminals often deploy stolen data as part of phishing attacks to convince victims to download hidden malware from what appears to be a trustworthy source.
It is also possible that both the gangs implemented the attacks at the same time, says ransomware researcher Dominic Alvieri. “Play ransomware was the group that declared them first. Both groups may have attacked around the same timeframe. This is not unheard of and more prevalent lately,” he told Tech Monitor.
LockBit strikes again
LockBit is a Russian ransomware gang that has been active since 2019. Its current iteration, called LockBit 3.0 or LockBit Black, has been particularly aggressive, having hit over 850 companies in 2022 alone. US organisations have been most commonly targeted by the group over the last 12 onths.
The FBI and CISA released a report last week explaining that the gang’s current malware is more modular and evasive than its previous versions and shares similarities with that used by two other ransomware gangs from Russia, Blackmatter and Blackcat.
Both US government organiseations recommend that companies carry out several steps to secure themselves against LockBit 3.0. These include “storing passwords in hashed format using industry-recognized password managers” and “requiring administrator credentials to install software”.