The City of Oakland is bracing itself after ransomware actors that breached municipal government networks last month began releasing the data they stole.
City officials released a statement on Friday apologizing for the continued disruption the incident is causing.
“We recently became aware that an unauthorized third party has acquired certain files from our network and intends to release the information publicly,” it said.
“We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party’s claims to investigate their validity. If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law.”
Reports suggest the threat actors, associated with ransomware group Play, have in fact already begun releasing the stolen files. It’s still unclear what data was taken, but it’s most likely to include city workers’ personal information.
The city was forced to declare a state of emergency following the initial incident last month. That enabled it to access additional resources from the California Governor’s Office of Emergency Services (CalOES), including IT experts from CalOES and other state departments such as the California Military Department.
They’re currently still engaged in “workstation restoration” efforts, hinting that the ransomware was able to cause significant damage.
Although 911 services were unaffected, non-emergency systems were taken offline after the breach on February 8.
An update on February 28 claimed the city’s OAK311 phone system was back up, as was the permit application system. However, at that time the Business Tax Online Payments system was still unavailable, and parking citation cashiers were not able to process payments or receive phone calls.
Given the disruption the city is experiencing and the Play group’s decision to leak stolen data, it would appear that Oakland didn’t pay the ransom demanded of it.