Interim City Administrator G. Harold Duffey declared a state of emergency after Oakland had suffered a ransomware attack. Its IT systems have been offline since February 8th, and network outages have brought ongoing issues.
Oakland Ransomware Attack
Non-emergency systems including phone lines are still impacted or offline in the City of Oakland. The state of emergency status is to expedite the procurement of equipment and materials, as well as activate emergency workers if the need arises.
It's still unknown who was behind the cyber attack, and there are still no details on the ransom demands or what was stolen. However, the city's IT department is already working with a forensics form to perform extensive incident response and analysis.
An effort is also being made to put up additional cybersecurity measures and technology firms to work on recovery and remediation, as mentioned in Bleeping Computer. The investigation has involved local, state, as well as federal agencies.
Oakland citizens may still file crime reports on the city's official website. 911 dispatch, fire emergency services, and the City's financial systems were not affected by the cyber attack. The City Department is working on ways to provide services safely to the public.
In a statement, the City expressed its appreciation for the patience of the community as staff across the organization collaborate to minimize disruptions. They are also implementing workarounds to normal business processes to continue delivering services.
How Do Ransomware Attacks Work?
Ransomware attacks start with a hacker breaching a certain system and planting malware. It will then keep a user or organization from accessing their files through encryption, which can only be cracked using a decryption key.
The threat actors will demand a ransom payment in exchange for the victim being able to reaccess their data. In some cases, the hacker would steal the data and threaten to leak them to a public forum if the ransom payment did not reach them on a deadline.
Ransomware attacks have been used by many hacker groups, affecting many organizations and companies as well as their services. These attacks prevent hospitals from providing emergency services or leaking sensitive information online.
According to CheckPoint, the form of cyber attack started with the WannaCry outbreak in 2017. It showed that ransomware attacks could be profitable, which has led to dozens of ransomware variants being created, and ransomware groups being formed.
With the pandemic, organizations and companies had no choice but to resort to remote work, which created weaknesses in their cyber defenses. Cyber attackers saw this opportunity resulting in a 50% surge in ransomware attacks in the third quarter of 2020.
Read Also: Rackspace Names Play Ransomware As Hackers Behind December Attack
How to Avoid Ransomware Attacks
There are no fool-proof ways to avoid a ransomware attack. However, there are methods to minimize the risk. For one, these attacks usually hold data hostage through encryption. Having backup files may reduce the amount of data loss and will not disrupt services as much.
Employees or users should also be aware of the dangers of socially engineered attacks or phishing emails. Systems should also be patched so cybercriminals will not be able to find uncovered exploits. User authentication will also avoid breaches through stolen credentials.
Related: 5 Alarming Ransomware Facts You Shouldn't Ignore
