Ransomware, Incident Response, Privacy

Oakland still grappling to recover from ransomware attack

Share

Officials in the City of Oakland, California, are still facing challenges in facilitating recovery from a Play ransomware attack that has resulted in city service disruptions and extensive data leaks, Government Technology reports. Nearly 11GB of data, including Oakland city employees' data, police details, and other city files, have been exposed by the Play ransomware operation, also known as PlayCrypt, over the weekend. While Oakland city officials have not revealed more details regarding the attack, the intrusion, which has led to the temporary shutdown of the city's 311 line and business tax payment processing systems, among others, has been regarded to be "really devastating" by UC Berkeley Cybersecurity Academic Program Director Sarah Powazek. "It's a big deal, and it's really unfortunate how poorly prepared folks are for dealing with this. And I'm not blaming the city at all it's sad that cities are supposed to be prepared and know what to do with what is an international cyberattack," Powazek said.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Related

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems

Attacks with Wolfsbane commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed.

ONNX phishing-as-a-service operation disrupted

Organizations in the financial services sector have been primarily targeted by the ONNX, whose Telegram-based operations had been cut off following a court order that allowed Microsoft to transfer the PhaaS platform's infrastructure to its servers, according to Microsoft Digital Crimes Unit Assistant General Counsel Steven Masada.

Ransomware attacks primarily caused by poor cyber hygiene

Aside from primarily leveraging basic usernames for their accounts, organizations impacted by ransomware intrusions from July to September — including those in the government and healthcare industries — also mostly failed to implement multi-factor authentication that could have deterred brute-force attacks.

Related Events

Related Terms

AnonymizationBasic AuthenticationBiometricsCertificate-Based AuthenticationChallenge-Handshake Authentication Protocol (CHAP)Computer Emergency Response Team (CERT)Digital CertificateDiscretionary Access Control (DAC)GeolocationInference Attack

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.