The administration of the City of Oakland, California, declared a state of emergency on Tuesday due to a ransomware attack that occurred last week.
“The City of Oakland recently learned that it was subject to a ransomware attack, and the City and its Information Technology Department (ITD) are following industry best practices to investigate the scope and severity of the issue and develop a response plan,” wrote interim city administrator Harold Duffey.
“Core functions, such as 911, are intact [but] as a cautionary measure, ITD has taken certain non-emergency systems offline while they work to secure and restore services safely, which may result in delays in City services.”
On Wednesday, the city issued a new update, saying that it was continuing to implement recovery plans to restore impacted systems as quickly and securely as possible.
“The network outage has impacted many non-emergency systems, including our ability to collect payments, process reports, and issue permits and licenses,” reads the latest blog post on the City of Oakland website.
“As a result, some of our buildings are closed. We encourage the public to email the service counters they want to visit before coming to City buildings.”
According to Erfan Shadabi, a cybersecurity expert from comforte AG, this ransomware incident underscores a harsh reality that may affect any governmental agency.
“A ransomware attack isn’t just a remote possibility but rather a likely imminent event,” Shadabi told Infosecurity in an email. “The major objectives of the threat actors behind these attacks are to be able to halt operations, encrypt crucial operational data, and generally cause havoc in the provision of governmental services.”
To remain safe against threats like these, Chris Clements, VP of solutions architecture at Cerberus Sentinel, said municipalities must adopt an authentic culture of cybersecurity that goes beyond simply buying the latest cybersecurity products.
“An effective cybersecurity culture must start from [...] principles and account for all aspects,” Clements told Infosecurity via email.
“[These include] proactive system and application hardening, attack surface minimization, continuous monitoring that could indicate the presence of an attacker, and regular vulnerability scanning and penetration testing.”
At the time of writing, no threat actors have claimed responsibility for the attack against the City of Oakland’s infrastructure.
The incident comes days after the ransomware gang LockBit published a log of conversations between its operators and Royal Mail following an attack on the company.