Following a ransomware attack on LockBit's network last month that caused information from its network to be leaked, the city of Oakland in the state of California has been uploaded to the dark web victim blog. In order to avoid further information from the city being released, the gang has given Oakland's city council until April 10 to begin negotiations.
The tax office and several non-emergency phone lines are among the essential services that have been impacted by a network outage, according to a notification on the city services website, which is still accessible.
Earlier today, LockBit published the city on its blog. It also includes a brief history of the city and states that "all available data shall be shared." The cutoff date looks to be April 10.
Second ransomware attack in Oakland in recent weeks
The purported attack occurs only a few weeks after Oakland's city council disclosed that the Play ransomware group attacked it in February.
According to a council statement, "we are aware that some of the information obtained from our network has been released by an unauthorised party."
The statement continued, referring to the breach as a "ransomware incident," and said that "the findings to date indicate that an unauthorised actor accessed computer systems where certain individuals' personal information was stored as part of their employment with the city."
It's possible that LockBit used this information to start today's attack. Cybercriminals frequently use stolen data in phishing attacks to get their victims to download malware that is hidden from view from what seems to be a reliable source.
LockBit's expanding landscape
Russian ransomware gang LockBit has been operating since 2019. LockBit 3.0, also known as LockBit Black, is the most recent version, and it has been very aggressive, attacking over 850 businesses in 2022 alone. For the past 12 months, the gang has targeted US organisations the most frequently.
According to a report last week from the FBI and CISA, the gang's new malware is more modular and evasive than its earlier iterations and is comparable to those employed by the Blackmatter and Blackcat ransomware gangs from Russia.
Companies are advised to take a number of precautions to protect themselves from LockBit 3.0 by both US government agencies. This includes using password managers that are acknowledged in the industry to save passwords in hashed format" and "needing administrator privileges to install applications.
