The Play ransomware gang claimed responsibility for the cyberattack on the American city of Oakland, which occurred in first half of February . This attack severely disrupted the city’s IT systems. Local authorities even had to declare a state of emergency in the city .

Oakland is an American city in the state of California, located on the east side of the San Francisco Bay. The population is about 440 thousand people. The city serves as the region’s main transportation center and economic engine.

On February 10, 2023, city officials informed the public that the city’s IT systems were affected by a ransomware attack that affected all network systems except for the emergency dispatcher, fire departments, and the city’s financial systems.

On February 14, a state of emergency was declared in the city to expedite the recovery of affected systems and resume all services as quickly as possible.

All business tax obligations were delayed by 45 days because online payments were not working. Also affected were parking services, which were unable to receive calls or transactions at the checkout counters.

By February 20, IT professionals were able to restore access to public computers, scanning, printing, library services and wireless Internet at all city sites.

However, the city’s non-emergency telephone services (OAK311) and business tax licenses are still unavailable, and the online permit center is partially operational.

Last update on website of the city of Auckland appeared today, March 3rd. City officials said: “Recently, we have learned that an unauthorized third party has acquired certain files from the city network and intends to make the information public. We are working with third party professionals and law enforcement on this matter, and are actively monitoring unauthorized third party claims to determine their validity.”

A few days ago, the Play ransomware gang claimed responsibility for the attack on Oakland, listing the city as victims on its official website. The attackers claim to have stolen documents containing private, confidential data, financial and government documents, passports, personal details of city employees, and even information allegedly proving human rights violations.

These documents, in theory, were stolen during a hacker penetration into the networks of the city of Auckland. Now all this data is used as leverage to force the city administration to comply with the demands of the hackers and pay a ransom.

The attackers threatened to publish the above documents tomorrow, Saturday (March 4). This will certainly happen if the city administration does not agree with the hackers.

“Protecting the confidential information we hold is a responsibility we take seriously. We will continue to work diligently to investigate and resolve this incident, working with our expert teams to further enhance our security,” the Auckland City Administration website says.

However serious the government is about protecting confidential information, it is unlikely that the ransom money will actually be paid to attackers, according to administration officials. It remains only to wait how this story ends, and what interesting information will emerge as a result of the disclosure of the stolen data.