Oakland ransomware attack: leaked data has over 3,100 views on the dark web

OAKLAND, Calif. (KGO) — Victims compromised by the City of Oakland ransomware attack are reporting that their credit card information was hacked, some with their identities stolen.

It’s been 12 days since stolen personal and financial files from the city of Oakland were leaked onto the dark web by the “Play” ransomware group. The stolen data had over 3,100 views as of Thursday night. The city has provided a phone number for affected consumers to get help accessing resources: 866-869-1861.

“Currently, there are 40 different victim profiles active on the site,” said James Aurand, head of counterintelligence at Binary Defense.

RELATED: Expert explains how the city of Oakland may have fallen victim to a ransomware attack

Aurand says 18 of those victim profiles appear to be from Oakland – about 10GB of data.

“A lot of victim profiles actually contain data that has been leaked,” Aurand said. “Two of them are new victims that have been posted.”

According to Aurand, the dark website has a countdown timer to let victims know how much time they have left before that data is published or made public on the site. It is accessible through a provided password to view the data.

ABC7 News’ I-Team has learned that the city has hired Florida-based security awareness firm KnowBe4 to help prevent future phishing attacks, but protocols may take a year to implement. there is a significant impact.

VIDEO: Oakland officials and experts fear ransomware group may leak more ‘sensitive’ stolen data, sources say

“It was awful,” said Noel Gallo, a member of the Oakland City Council.

Gallo says current and former city employees and local small-business owners, who speak only Spanish, are struggling to get help.

“I get phone calls and emails from people knocking on my door saying I can’t use my credit card,” Gallo said. “They ask, what does this mean? How can I solve this problem?”

The I-Team confirmed that the City of Oakland upgraded its Microsoft 365 services this week to implement “enhanced security controls” such as multi-factor authentication and compromised account detection.

RELATED: Social Security, Oakland Employee Banking Info, Businesses May Be Compromised by Ransomware Leak

“It can take up to a year to reduce their risk of phishing attacks,” said KnowBe4 specialist James McQuiggan.

KnowBe4 conducts simulations that assess the percentage of City of Oakland employees exposed to phishing scam emails – one of the ways the Play ransomware group was able to hack into the city’s network. According to McQuiggan, currently one in three employees could be at risk.

“By doing these phishing simulations, you can get that number down to one in 20 people or one in 30 people,” McQuiggan said, adding that it might take a year to get there.

Data obtained by the I-Team shows that the city’s IT department has 89 budgeted positions, with 17 positions currently vacant. But the city is under a hiring freeze and faces a multimillion-dollar budget shortfall next year.

RELATED: Oakland Ransomware Attack: Here’s a Look at How Other Cities Solved Their Cyberattacks

“From a staff perspective, don’t rely solely on security training,” said Patrick Harr, CEO of Slashnext, an integrated cloud security company.

Harr says ransomware threats will become more vicious in the coming years thanks to artificial intelligence or AI like ChatGPT.

“These threat actors use AI to mimic your image, mimic your voice, and mimic the places you go,” Harr said. “People have to use AI to fight AI.”

Experts who have studied ‘Play’ say the ransomware group can wait six months to a year before using any data or selling it – reminding those at risk to always be on the alert.

Take a look at other articles from the ABC7 News I-Team.

If you’re on the ABC7 News app, click here to watch live