How would you feel to wake up one day and find that your city's IT systems are offline? That's the reality the City of Oakland, California, is facing after a ransomware attack last week.
The incident has caused enough damage that the city has declared a state of emergency to expedite orders, materials, and equipment procurement, and to activate emergency workers when needed, highlighting the real-world consequences of cyberattacks.
However, the incident did not affect core services, with the 911 dispatch and fire and emergency resources all working as expected.
The city's IT department is working with a leading forensics firm to perform an extensive incident response and analysis, as well as with additional cybersecurity firms on recovery and remediation efforts. The ransomware group behind the attack is currently unknown, and the city has not shared any details regarding ransom demands or data theft from compromised systems.
Interim City Administrator G. Harold Duffy signed the state of emergency, which is to be forwarded "to the President of the United States to seek a Presidential Declaration of a Federal Emergency and make all relevant funds available to the City of Oakland and all eligible community members and businesses."
This is not the first time that a state of emergency has been declared due to a ransomware attack. In July 2019, Louisiana Governor John Edwards declared a state of emergency after a wave of ransomware attacks hit the state's school districts. The IT systems of school districts in Morehouse, Sabine, Monroe City, and Ouachita were all taken offline after being encrypted with ransomware, causing state-wide disruptions to school systems.
In May of 2022, Costa Rica declared a state of emergency after Conti threat actors gained access to several government agencies. In this case, the attackers demanded a $10 million payment from the Costa Rican government in exchange for not releasing any of the stolen information online.
This incident highlights the growing threat of ransomware attacks on governments and organizations. According to Emsisoft threat analyst Brett Callow, "at least six U.S. local governments have been impacted by ransomware already this year, with at least four of them having had data stolen." Microsoft also revealed in January that it's now tracking more than 100 ransomware gangs known to have deployed over 50 unique ransomware families through the end of last year.
Like almost every cybersecurity incident, this should serve as a reminder of the importance of implementing robust cybersecurity measures to prevent such attacks. Organizations must stay vigilant and have proper incident response plans in place to quickly contain and remediate any potential security breaches.
Follow SecureWorld News for more stories related to cybersecurity.