Oakland ransomware attack: Leaked data has more than 3.1K views on dark web

Stephanie Sierra
Friday, March 17, 2023
After Oakland was targeted with a ransomware attack by group "Play," the stolen data has more than 3,100 views on the dark web as of Thursday evening.

OAKLAND, Calif. (KGO) -- Victims of the ransomware attack on the City of Oakland are reporting that their credit card information has been hacked, and some say their identities have been stolen.

It's been 12 days since stolen personal and financial files from the City of Oakland were leaked onto the dark web by ransomware group "Play." The stolen data has more than 3,100 views as of Thursday evening. The city has provided a phone number for affected consumers to get help accessing resources: 866-869-1861.

"Currently, there are 40 different victim profiles active on the site," said James Aurand, the counterintelligence lead with Binary Defense.

Aurand says 18 of those victim profiles appear to be from Oakland - about 10 GB of data.

"A lot of the victim profiles actually have data that has been leaked," said Aurand. "A couple of them are new victims that have been posted."

According to Aurand, the dark website has a countdown timer letting victims know how much time they have left before that data is going to be released or made public on the site. It's accessible through a password that's provided to view the data.

The ABC7 News I-Team has learned the city hired security awareness company KnowBe4, based out of Florida, to help prevent future phishing attacks, but the protocols being implemented may take a year to have any significant impact.

"It's been awful," Oakland City Councilmember Noel Gallo said.

Gallo says current and former city employees and local small business owners, who only speak Spanish, are struggling to get help.

"I do get the phone calls and emails of people knocking on my home door, saying I can't use my credit card," said Gallo. "They're asking, what does this mean? How can I get this resolved?"

The I-Team confirmed the City of Oakland upgraded their Microsoft 365 services this week in order to implement 'enhanced security controls' like multi-factor authentication and compromised account detection.

"It can take up to a year to reduce their risk in regards to phishing attacks," said James McQuiggan, a specialist with KnowBe4.

KnowBe4 is conducting simulations that assess the percentage of Oakland city employees at risk from phishing scam emails - one of the ways the ransomware group Play may have hacked into the city's network. According to McQuiggan, currently one in every three employees may be at risk.

"By doing those phishing simulations, you'll be able to reduce that to one in every 20 people or one in every 30 people," said McQuiggan, adding it may take a year to get to that point.

Data obtained by the I-Team shows the city's IT department has 89 budgeted positions, with 17 current vacancies. But the city is under a hiring freeze and is facing a multi-million dollar budget deficit next year.

"From a staffing perspective, don't just rely on security training," said Patrick Harr, the CEO of Slashnext, an integrated cloud security company.

Harr says ransomware threats will become more vicious in the years to come through artificial intelligence, or AI, like ChatGPT.

"These threat actors are using AI to mimic your likeness, mimic your voice, and mimic the places you go," Harr said. "People need to use AI to fight AI."

Experts who've studied "Play" say the ransomware group may wait six months to one year before using all the data or selling it - serving as a reminder for those at risk to always be on alert.
