Ransomware hackers leak second batch of city data from Oakland attack

The Play group dumped sensitive data for city employees.

Derick Daily on Unsplash

The perpetrators of the ransomware attack against Oakland have leaked more of the data from the hack. The city has confirmed that Play, the hacker group claiming responsibility for the ransomware, has shared a second batch of info on the dark web. While officials aren't sharing more details, The Oaklandside sources say the dump was 600GB and included confidential Oakland Police Department files (including disciplinary records), council members' communications and city staff's medical records.

The first release from early March was a comparatively modest 10GB, but included city employee rosters and police records. The incident was serious enough that the Oakland police union is now demanding $25,000 per officer for the damage done through the leak. The union also wants to pressure the city into tightening its security.

The February attack prompted the city to declare a state of emergency and take its network offline in a bid to limit the damage. That left many non-emergency services unavailable, including the systems to issue licenses and permits. Oakland closed some buildings and warned of delayed responses to non-urgent complaints. Access to some systems came back in late February.

Play group has been linked to numerous attacks, including Rackspace and the Belgian city of Antwerp. The gang first emerged in June of last year, when BleepingComputer forum users reported attacks attributed to the outfit.

The city still hasn't outlined Play's demands. However, the second wave of leaks suggests Oakland isn't bowing to pressure to pay the ransom. That's not a surprising decision. While the exposed data increases the risk of fraud, the city risks encouraging more ransomware attacks if it gives in.