California city of Oakland declares state of emergency over week long ransomware attack

The city of Oakland, California has declared a local state of emergency due to the after effects of a debilitating ransomware attack that shut down most city services last week.

Government officials from the city of Oakland, California declared a local state of emergency Tuesday night, almost seven days after a ransomware attack shut down most city services.

The announcement, issued by Interim City Administrator, G. Harold Duffey, was posted on the City of Oakland website.

oakland website
City of Oakland, Caifornia website

“The declaration of a local emergency allows the City to Oakland to expedite the procurement of equipment and materials, activate emergency workers if needed, and issue orders on an expedited basis, while we work to safely restore systems and bring our services back online,” the Oakland city website stated.

There has been no word on who is behind the attack, or if a ransom was demanded and/or paid out by the city.

Meanwhile, the city of Modesto, California, was also hit by ransomware last week, forcing its police department to resort to using “old school police tactics, including using handheld radios to communicate with dispatch and using pen and paper instead of laptops while out on patrols.

“For critical and lifesaving services, the impact is clear: Response time is of the essence. Constituent demands are driving creations of more redundant and resilient systems, including the development of manual options to support services that must continue to operate,” said Justin Fimlaid, Founder and President of NuHarbor Security, a cybersecurity and risk Management firm.

There is no word if Modesto networks are back up and running, but officials there stated 911 emergency services were not impacted.

Fimlaid said this is a trend that will likely continue, attacks will most likely evolve, and become more sophisticated.

“Local governments and municipalities are intentionally accessible to their constituents and this exposure makes them easier targets. Contact information and email lists are public, while infrastructure and applications are intentionally made public to provide government services. These organizations don’t have the luxury of system privacy that their private sector counterparts enjoy.”

Oakland city confirmed several non-emergency systems have been offline since the February 8 attack, including phone lines.

911 dispatch, fire emergency services, and the Oakland city’s financial systems were not impacted according to an earlier statement.

“Ransomware attacks, like the one against the City of Oakland, are becoming increasingly common against cloud assets and applications,” said Dmitry Dontov, CEO and chief architect of Spin.AI, a firm providing software as a service (SaaS) security and ransomware protection for large scale businesses.

“While we don’t know all the details of the attack, it’s been reported that city officials sent an email noting that “City mobile devices, Office 365, NeoGov, OakWiFi, the City’s website, Oracle and other services are not known to be impacted,” said Dontov.

Last month, the ransomware group Vice Society hacked into the San Francisco Bay Area Rapid Transit System (BART) Police department network and leaked over 120,000 sensitive personnel data files, including information related to child abuse allegations and mental health records.

It is unclear if any sensitive files from Modesto or Oakland were stolen by hackers.

Besides federal law enforcement, Oakland city stated they are working with an outside forensic firm “to perform an extensive incident response and analysis, as well as with additional cybersecurity and technology firms on recovery and remediation efforts.”

“Downtime is an inevitable part of any ransomware attack. After the attack it’s too late, and it can take an average of one month to recover the data, with most organizations never fully recovering all of it, said Dontov.