City of Oakland declares state of emergency after ransomware attack

Attack is causing delays in responses to non-emergencies

The City of Oakland in California has declared a local state of emergency, as it continues to grapple with a ransomware attack that began on 8th February.

Interim city administrator G. Harold Duffey announced the state of emergency on Tuesday, explaining it would help speed up the city's response and enable the procurement of materials and equipment.

The attack closed Oakland City Hall and left several non-emergency systems and phone lines offline. Emergency systems such as 911 dispatch, fire and financial services were not affected.

Oakland police have warned that the attack is causing delays in responding to non-emergency situations.

Many systems taken down in the immediate aftermath of the incident remain offline.

The identity of the group behind the attack is still unknown. Oakland has not shared any ransom demands or data theft.

The City is working with a forensics firm to analyse and respond to the attack. Law enforcement officials from all levels of government, including federal, are investigating the attack.

Oakland officials have thanked the community for their patience.

"The City is appreciative of the community for their patience as staff across the organisation work collaboratively to minimize disruptions and implement workarounds to normal business processes that allow the City to continue delivering services," a statement said.

Local reporter Jaime Omar Yassin was first to report the attack on Twitter last week. In 2022, Yassin had written about the City's IT department being understaffed and vulnerable to ransomware attacks.

Ransomware attacks targeting US cities and counties have become increasingly common in recent years. In several cases these have led to the shutdown of critical services, including election systems and school districts.

Some cities have paid ransoms, while others have chosen not to - sometimes with expensive results.

The City of Atlanta, for instance, spent millions to recover impacted systems after refusing to pay a $51,000 ransom.

In January, Microsoft said it was tracking over 100 ransomware gangs that had deployed more than 50 unique ransomware families through the end of 2022.

The US federal government has been vocal in its efforts to crack down on ransomware gangs.

Last month, US federal agencies seized Tor payment and data leak sites belonging to the Hive ransomware operation, which Hive used to collect millions of dollars in extortion payments.

A US government report claims Hive and its clients targeted more than 1,300 businesses globally between June 2021 and November 2022, collecting approximately $100 million in ransom payments.

Also last month, the US Department of Justice arrested the Russian founder of huge cryptocurrency exchange Bitzlato. The Department accused the Russian national, who now resides in China, of operating a company that handled more than $700 million in illegal transactions and violating laws intended to prevent money laundering.