Oakland hit by hackers who promise to publish all residents' data unless ransom is paid

© Provided by KNX News Radio Los Angeles cyber attack

The city of Oakland -- still recovering from a crippling cyber attack in February that affected several city services and exposed the personal information of current and former city employees -- is in the midst of another apparent ransomware attack.

This time, hackers are threatening to expose sensitive information of the city's residents if the ransom is not paid.

According to The Cyber Express, a hacker group known as LockBit 3.0 is claiming responsibility for the latest attack. The group is threatening to publish all data, which reportedly contains residents' financial and personal information, if the ransom is not paid by April 10.

The attack comes on the heels of a another ransomware attack that shut down city hall, snarled some police services and exposed city files, along with the personal data of thousands of city employees. The attack also forced the city to declare a state of emergency in an attempt to quickly restore services and recover to normal operations.

Ransomware group PLAY claimed responsibility for the attack and released the stolen data on the dark web, including employee IDs, passport information and other sensitive city documents, according to KRON4.

The city has encouraged residents and employees to keep a close eye on their credit reports and other accounts to detect any fraud or identity theft as soon as possible.

During an unrelated press conference on Monday, Oakland Mayor Sheng Thao said an investigation into the cyberattack is ongoing.

"We are working closely with the FBI, not just with the FBI, but with OPD here as well. We have an amazing staff of IT folks in the City of Oakland. They are doing their best to get all our systems back up online, we will have all our systems back up online in the next couple of weeks or so," Thao said, per KGO-TV. "It's just about the manpower to get all of the systems back up. But we are optimistic we can get there in the next few weeks, or maybe the next month."

The city released a statement, saying the data leak contained employee information from July 2010 to January 2022. Thao said current employees have been notified and the city has started reaching out to former employees as well, adding that she personally was a victim of the attack as well.

"Let me be very clear. This is a huge underinvestment in regards to previous administrations into our IT systems," Thao said. "This is something that we have inherited."

The city has hired a Florida-based security awareness company to help prevent similar phishing attacks in the future, but it could take up to a year before new security protocols are implemented, KGO-TV reported.

On Twitter, Thao said her administration "has been working hard to restore systems and provide assistance to anyone impacted. Moving forward we will focus on strengthening the security of our information technology systems."

In the meantime, it appears none of the actions taken since the February attack had an impact on stopping a second attack from occurring.

The city has not yet addressed the current attack by LockBit, which added Oakland to its "victim list" on Tuesday. According to Bleeping Computer, LockBit has warned to release the data but hasn't published any proof that they've stolen any files.

"LockBit has previously made claims that have proven to be false on at least one occasion," the website noted.