Oakland’s nightmare continues as LockBit strikes again

Oakland continues to suffer from cyberattacks as LockBit, the infamous ransomware gang, adds the Californian city to its list of victims.

This is shaping up to be a truly awful year for Oakland city services, which were offline after a ransomware attack in February, when the Play gang published almost 10GB of sensitive government files on its extortion leak site.

More than a month has passed since a local state of emergency was declared on February 14.

Now, it seems another ransomware attack has been launched against the embattled city – LockBit has just uploaded Oakland to its dark-web blog, suggesting that the city’s services have once again been breached by cyberattackers.

Oakland has been painstakingly trying to get municipal services back online – an announcement about an ongoing network outage is still at the top of its official website.

“Oakland is experiencing a network outage that is affecting key services such as Oak311, permitting and business tax. Several non-emergency systems including phone lines within the City of Oakland are currently impacted or offline,” reads the announcement, which is regularly updated to show services yet to be restored.

Sheng Thao, the mayor of Oakland, had just told local media she was expecting city services to be back online in a month’s time. But this was before LockBit added Oakland to its extortion site and set the deadline – to pay the ransom, presumably – to April 10.

According to the ABC7 News I-Team, victims compromised from the ransomware attack in February have been reporting their credit card information hacked, including some cases where their identities were stolen.

Researchers at cybersecurity firm Malwarebytes say LockBit had the highest count of victims in February, with 51 organizations on its list.

LockBit is the most prolific gang in the illegal ransomware business with more than 1,500 victims, data from the deep-web watchdog Darkfeed shows.

The gang made headlines recently for extorting UK postal service Royal Mail. LockBit has been linked with other prominent Russia-affiliated ransomware cartels, such as Conti and its successor Black Basta and DarkSide, and its descendants BlackMatter and BlackCat/ALPHV.