FBI not negotiating with ransomware group that leaked Oakland data

Wednesday, May 10, 2023

FBI no longer negotiating with group that leaked Oakland data

The FBI is no longer negotiating with the ransomware group that hacked into the city of Oakland's network leaking sensitive data onto the dark web.

OAKLAND, Calif. (KGO) -- The FBI is not negotiating with the ransomware group that hacked into the City of Oakland's network leaking sensitive data onto the dark web, the I-Team confirmed.

The 610 gigabytes of data exposed over two data leaks included sensitive information of thousands of Oakland residents. As of Monday morning, the data the ransomware group "Play" leaked has more than 12,000 views on the dark web. In the meantime, Oakland's IT systems are 95 percent restored nearly three months after the city's network was crippled from the hack. Councilman Noel Gallo says his office is fully operational - phone and computers - for the first time since February.

"I can get email on the computer," Gallo said. "We had 200-300 phone messages that were not responded to."

The mayor's office says they're still investigating how the hack happened but added the "extensive manual review" of leaked data shows "certain current and former employees and a limited subset of residents" were impacted.

VIDEO: Oakland ransomware victims never notified of SSN leak, I-Team finds

Dozens of victims of Oakland ransomware hack were never notified their social security numbers were leaked on the dark web, the I-Team found.

"If a limited subset is every Oakland police officer, that shows you the value there is for us public servants who come to work every day," said Oakland Police Officer's Association President Barry Donelan. "If it's a limited subset for the citizens who've been waiting for calls for service or assistance from the city and don't have it because this ongoing challenge... this is a much larger group than she seems to acknowledge."

Gallo added, "I would not have defined it that way. The bottom line is, it's a serious issue and we failed to provide protection."

Last month, the I-Team spoke to dozens of people who had their social security numbers leaked along with other sensitive data, but none of them were notified by the city. Nearly a month later, those answers are still the same.

"Have you heard anything?" ABC7's Stephanie Sierra asked members in the group.

"No, I didn't know until Channel 7 called."

"I haven't heard anything."

"Nope."

Donelan spoke with the I-Team last month as he was trying to schedule a meeting with Mayor Sheng Thao to discuss the impacts of the breach and a strategy moving forward.

"Where does that stand today?" Sierra asked.

"It never happened," said Donelan. "We've had no responses...we did get a letter from the city attorney's office saying they understand they have an obligation but that they're focused on finding out the folks who initially did the ransomware attack - not on protecting city employees."

The city says they're working on responding to all the outstanding requests for city services received before and after the attack -- including things like permits, 311 requests, crime reports, and business licenses. But city staff expect the backlogs to take some time - adding some of the data may be permanently destroyed.

"If they were unable to decrypt and they didn't have backups of those files, those files are essentially gone," said Jake Aurand, a cyber-security expert with Binary Defense.

MORE: FBI has seized website used by notorious ransomware gang

San Bernardino County paid $1.1 million ransom to hackers who infiltrated the Sheriff's Dept. computers. Sources tell the I-Team Oakland never paid a dime.

"In the context of San Bernardino County having the same problem... but rather than ignore it and provide a smoke screen response, all the stakeholders worked together and their systems are back up and running after four days," said Donelan.

The city of Oakland faces a $360 million budget deficit. The I-Team has confirmed city officials have hired a consulting group to help fill vacancies across many departments - including the seven high-level administrative positions and the 17 vacancies in the city's IT department - a contract that could cost up to $500,000.

The FBI released the following statement about ransomware attacks:

The FBI does not negotiate with perpetrators of ransomware attacks on behalf of companies or government entities, nor does the FBI support paying a ransom in response to a ransomware attack. Paying a ransom may result in a Department of Treasury violation if it is to a sanctioned entity, it does not guarantee you or your organization will get any data back, and it encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.

If you are a victim of ransomware, the FBI does recommend:

Contact your local FBI field office to request assistance, or submit a tip online.

File a report with the FBI's Internet Crime Complaint Center (IC3).

Go to stopransomware.gov to get additional guidance.

Take a look at more stories and videos by the ABC7 News I-Team.