City of Oakland hit with ransomware attack, but says ‘core functions’ are intact

The City of Oakland confirmed reports that its networks had been hit with ransomware after rumors emerged online that several agencies were having issues with systems on Thursday. 

City officials did not respond to requests for comment but released a statement on Friday afternoon saying the ransomware attack began on Wednesday night. 

“The Information Technology Department is coordinating with law enforcement and actively investigating the scope and severity of the issue. Our core functions are intact. 911, financial data, and fire and emergency resources are not impacted,” the officials said

“The City is following industry best practices and developing a response plan to address the issue. In an abundance of caution, ITD has taken affected systems offline while they work to secure and restore services safely. In the meantime, the public should expect delays from the City as a result. We are actively monitoring the situation and sending updated information as it becomes available.”

Oakland-based reporter Jaime Omar Yassin was the first to report that city officials were dealing with a ransomware incident. 

Confirmed: City Admin sent this email to employees tonight, confirming City experienced a ransomware attack its still recovering from. All City computers are offline from City network; VPN access offline. What this means for residents may only become evident in the coming days.

— Trash Night Heron (@hyphy_republic) February 10, 2023

Late Thursday evening, Yassin said city officials sent an email out to government workers attributing IT outages to the ransomware attack that began on Wednesday. 

“ITD is following industry best practices and developing a response plan to address the issue. At this time, VPN access is offline and City computers are disconnected from the City network,” the email said. 

“In an abundance of caution, ITD asks staff to not plug back into the network until further notice. 911 Dispatch, City mobile devices, Office 365, NeoGov, OakWiFi, the City’s website, Oracle and other services are not known to be impacted.”

Yassin noted that the city has long faced issues with keeping IT talent and was reportedly warned of cybersecurity deficiencies last year.

Several city workers took to social media to complain about the outages, which even affected local libraries.

The computers at every Oakland Public Library were reportedly down, forcing librarians to use routing slips to transfer books from branch to branch. 

computers are down at every Oakland Public Library, so we're back to the old ways. this routing slip, which is used to send a book from branch to branch, is so old the 81st Branch didn't even exist yet

— Liam Curley (@liammcurley) February 10, 2023

The San Jose Sun also reported that the city of Modesto – about an hour and a half away from Oakland – was also dealing with a citywide ransomware attack that forced the police department to revert back to radios. 

Ransomware attacks on cities as large as Oakland have become rarer in recent years as governments step up their cybersecurity protections and groups target smaller governments with less resources. New Orleans, Atlanta and Baltimore dealt with crippling attacks in 2018 and 2019. Tulsa also reported an attack by the Conti ransomware group in 2021. 

Atlanta was forced to spend more than $9.5 million recovering from the incident and Baltimore reportedly spent $19 million dealing with their attack. 

One month ago, San Francisco dealt with a ransomware attack on its Bay Area Rapid Transit that later led to the leak of troves of sensitive information from the railway’s police force.

Article Link: City of Oakland hit with ransomware attack, but says 'core functions' are intact - The Record from Recorded Future News