Ransomware Attack Prompts State of Emergency in Oakland, California

Written by Edward Gately
February 18, 2023

In other cybersecurity news this week …

The City of Oakland has declared a state of emergency one week after a ransomware attack hampered local government operations, according to a Recorded Future report.

Interim City Administrator G. Harold Duffy issued the declaration due to the ongoing impacts of the network outages resulting from the ransomware attack that began Feb. 8.

“As previously communicated, the network outage has impacted many non-emergency systems including our ability to collect payments, process reports, and issue permits and licenses,” Duffy said. “As a result, some of our buildings are closed. We encourage the public to email the service counters they want to visit before coming to city buildings.”

The city is also requesting state and federal funds to cover the recovery costs associated with the attack. The city attempted to implement workarounds to business processes, and the IT department is working with cybersecurity firms to remediate the incident. The city noted that multiple state and federal agencies are now involved in the response.

Tony Goulding is cybersecurity evangelist at Delinea. He said ransomware attacks such as this are an unfortunate reality today and for the foreseeable future.

“Cybersecurity leaders must continue to emphasize the critical importance of preparedness,” he said. “Nothing will guarantee 100% resilience to cyberattacks, but being prepared with regards to process, people and technology goes a long way.

Cybersecurity leaders need to ensure they have a solid incident response plan that’s kept up to date and practiced, including ransomware preparedness to factor ransomware’s most commonly used tactics and techniques, Goulding said. Also, they should ensure their incident response plan has owners, that they intimately know their responsibilities, and that there’s out-of-band communications in the event traditional communications are compromised.

In addition, they need to ensure they have modern security controls to help prevent, detect and contain anomalous activity.

“Solidifying these elements can make any organization more resilient so they can detect and respond to an incident more quickly and have a better chance of getting fully operational again in the shortest time,” Goulding said.

Darren Guccione is CEO and co-founder of Keeper Security. He said this egregious cyberattack is the latest example of the pervasive threat that predatory cybercriminals pose to everyone, from multinational businesses to local law enforcement.

“No one is safe from cybercrime and often the most vulnerable among us are the most likely to be targeted,” he said. “This threat actor is affecting Oakland PD’s operations and response times, which directly impacts the safety and well-being of Oakland residents.”

Now the city faces the impossible decision of whether to pay the threat actor to release their data, or risk losing access to the files and systems it relies on to protect its residents, Guccione said.

“Yet, cybercriminals are exactly what their name implies,” he said. “They are criminals, and as such, they cannot be trusted. Paying a ransom provides no guarantee a bad actor will decrypt a victim’s files or reinstate access to their systems. Furthermore, there are ample examples of cybercriminals publishing stolen files to the dark web, even after receiving a payment. The Oakland PD will have a long and expensive road to recover from this ransomware attack, and ensure that another cyberattack of this nature does not happen again. This incident serves as yet another reminder of why everyone must make cybersecurity a priority.”

Tags:

Edward Gately

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.