The California Cybersecurity Integration Center says it is actively responding to an incident, involving the US state’s Department of Finance. It has been hit by a Russian-affiliated ransomware group Lockbit this week.
Lockbit, which has already claimed hundreds of high-profile organizations as victims, allegedly posted the dark web threat to leak the stolen data if its demands are not met by December 24.
“Lockbit ransomware group added nine new victims,” cyber threat pundit Dark Feed, aka @ido_cohen2, posted on Twitter. “One of the victims is the Department of Finance of the State of California.”
Another deep-web watcher, Falcon Feedsio, corroborated the Dark Feed claim, posting: "The Department of Finance, State of California, has been added to the list of victims by the Lockbit ransomware gang."
Writing in their blog, LockBit said they had stolen 76GB of data, including IT and financial documents, confidential data, and “sexual proceedings in court.”
Cybernews has reached out to the Department of Finance in California for comment, but it was the California Cybersecurity Integration Center that responded. It has released a statement on “Cybersecurity incident,” where the authorities admit the fact of the incursion.
“The intrusion was proactively identified through coordination with state and federal security partners. Upon identification of this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities,” the statement says.
According to the Center, the response effort includes multiple public and private agencies: the Governor’s Office of Emergency Services, the Department of Technology, the California Military Department, and California Highway Patrol.
While the statement heaps praise on Governor Gavin Newsom for strengthening California’s cybersecurity measures, it also stresses that no state funds have been compromised – the Department of Finance is continuing its work.
Claims on Twitter noted another threat actor, an initial access broker (IAB), who was offering a way past the department's cyber defenses for $30,000 per breached server.
And the California Budget website remains offline at the time of writing. Governor Newsom has to present his budget for the next fiscal year by January 10, 2023.
The Lockbit cartel is the most successful hacking collective in 2022. A report by threat intelligence firm Digital Shadows shows that for two consecutive quarters, LockBit and its affiliates accounted for over a third of all ransomware attacks involving organizations being posted to ransomware leak sites. Yet, some security experts believe that taking down the decentralized gang will be complicated – and will take more than individual arrests.
More from Cybernews:
Subscribe to our newsletter