California’s finance department has been hit by a cybersecurity attack, the state’s Cybersecurity Integration Center (Cal-CSIC) confirmed on Monday.
According to a blog post by Cal-CSIC, the intrusion was identified through coordination with state and federal security partners.
“Upon identification of this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities,” reads the statement.
The Cal-CSIC further explained that while they cannot comment on specifics of the ongoing investigation, they confirmed that no state funds have been compromised.
Meanwhile, the Russia-affiliated ransomware group LockBit is claiming responsibility for the attacks, days after Mikhail Vasiliev was charged with participation in the gang's global ransomware campaign.
Writing in their blog, LockBit said they have stolen 76GB of data, including IT and financial documents, confidential data and “sexual proceedings in court.” They added that the Department of Finance has until December 24 to pay up or else the group will publish a cache of stolen files.
“Cal-CSIC seems to imply that the incident was proactively detected and may have been mitigated, although the ebudget website continues to be inaccessible as of Monday afternoon,” explained Chris Clements, VP of solutions architecture at Cerberus Sentinel.
According to the security expert, this would indicate that cyber-criminals may have been successful in encrypting or wiping at least some systems with ransomware or wipers before detection.
“While the facts are not completely known yet, the apparent system outages as well as extortion threats from LockBit of publicly releasing stolen data stretch the meaning of ‘proactively detected,’” Clements added.
The attack comes amidst Governor Gavin Newsom having to present his budget for the next fiscal year by January 10, 2023. The current budget allocated for cybersecurity efforts is $38.8m.
At the time of writing, the California Budget website remains offline. The security incident comes weeks after a report from Trellix confirmed LockBit ransomware remained the most widespread in the third quarter of 2022.