The City of Oakland recently experienced a ransomware attack that disrupted services and caused the city to declare a state of emergency, displaying the real-world consequences that cyberattacks can have.
At the time of the incident, it was unclear who was responsible for the attack, but we now know the culprit, or at least who is claiming to be. Dominic Alvieri, a cybersecurity analyst and researcher, shared on Twitter that the Play Ransomware gang was behind the attack:
Play Ransomware, also known as PlayCrypt, is a relatively new ransomware operation that began in June 2022. It adds the extension .play to the encrypted files and leaves a note with the word PLAY and an email address for contact, according to cybersecurity firm Avertium.
Play Ransomware has targeted victims across various sectors and regions, including industrial, manufacturing, technology, real estate, transportation, education, healthcare, government, etc. The ransom demands vary depending on the size and importance of the victim organization. Some victims have reported paying thousands or millions of dollars to get their data back.
The cyber gang uses a combination of encryption algorithms to lock the files, making them impossible to recover without the decryption key. The hackers behind Play Ransomware claim to have access to a "master key" that can decrypt all files affected by their malware. They also claim to steal data from their victims before encrypting them, and threaten to leak them online if they do not pay within a certain time frame, which is exactly what is currently happening to the City of Oakland.
If you read Alvieri's tweet carefully, you'll see that the publication date is listed as March 4, 2023, which prompted the the city to release this statement on March 3:
"While the investigation into the scope of the incident impacting the City of Oakland remains ongoing, we recently became aware that an unauthorized third party has acquired certain files from our network and intends to release the information publicly. We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party's claims to investigate their validity. If we determine that any individual's personal information is involved, we will notify those individuals in accordance with applicable law.
Protecting the confidentially of the information we hold is a responsibility we take seriously. We will continue to work diligently to investigate and address this incident while working with our expert teams to enhance our security even more moving forward. We apologize for any disruptions this incident may have caused, and we thank our community for their continued support."
For now, we will wait to see if the stolen data is indeed published online and how the City of Oakland will respond.
Follow SecureWorld News for more stories related to cybersecurity.