In a Tweet last night, security researcher Dominic Alvieri posted a copy of the Play ransomware gang’s dark web posting threatening to publish the City Of Oakland’s data of 3/4/23, which is today. The posting was listed as of March 1st. So they got just three days’ notice to pay the ransom.
The city of Oakland first experienced the ransom attack in on Feb 14th and according to their latest status report on February 28th, city services remain primarily unchanged.
The gang claims to have stolen documents contain private data including financial and government papers, identity documents, passports, employee data and information regarding human rights violations. They’re attempting to use this data to get the administration to meet their demands and pay the ransom.
Ted Miracco, CEO of Approov Mobile Security had this to say:
The recent ransomware attack on the city of Oakland is a concerning issue, and we expect to see more attacks like this on Government offices, as they are quite vulnerable. The potential implications of giving in to these demands could encourage more cyberattacks on other cities and organizations, as hackers may see it as a profitable way to extort money. The fact that the gang claims to have access to sensitive information such as financial and government papers, identity documents, passports, and employee data is alarming. However, the city of Oakland and other organizations must prioritize the security of their computer systems and data to prevent future attacks. Hopefully, the authorities can track down and bring the hackers to justice while also ensuring the safety of the stolen data.
David Mitchell, Chief Technical Officer of HYAS followed up with this comment:
“This ransomware group likes to start by using remote code execution (RCE) attacks on Exchange servers to gain access and then deploy their ransomware. If that was the case with Oakland, not only do they need a protective DNS solution to prevent the outbound communications from the malware but they may have failed to update vulnerable software on internet facing systems, making this even easier than using email as the initial infection vector. If this was an RCE on Exchange, a protective DNS solution would have quickly identified and blocked the malicious DNS transactions and contained the problem to the initial infection vector.”
Morten Gammelgaard, EMEA, co-founder of BullWall had this comment:
“The ransom attack on the City of Oakland not only disrupted city services, but as is always the case in such events, the attackers have obtained private data, including financial and government papers, identity documents, passports, employee data, and information regarding human rights violations. Data breaches and identity theft resulting from such attacks cause significant harm to individuals and organizations alike. In this case, the attackers are using the stolen data as leverage to demand a ransom payment from the city, which could result in further financial loss and reputational damage.
“In addition to the city services being out for a week prior to IT restoring access, the potential long-term impact of the attack on the city’s infrastructure and security cannot be ignored. For some companies, a week of downtime would be significant loss of revenue or worse yet, imagine if that was a hospital that was down for 6 days!
“This incident underscores the importance of implementing robust cybersecurity defenses, including response and containment measures to safeguard against such attacks, as there is no end in sight to these sorts of attacks.”
I for one will be interested to see if this gang gets anything out of this, and if they follow through with their threat to release the data. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages ransomware gangs to target more victims and offers an incentive for others to get involved in this type of illegal activity. So this will be interesting to watch.
UPDATE: Darren Williams, CEO and Founder, BlackFog added this comment:
“As cyber adversaries continue to focus on making the biggest impact by affecting the most people, it’s unsurprising that the public sector and government remains a compelling target. In 2022 for example, our State of Ransomware report observed a 17% increase in reported governmental cyber-attacks.
City councils and governments need to re-prioritize their cybersecurity as clearly, this isn’t an issue that will just go away. The effect of the attack on the City of Oakland last month appears to only now be setting in, as the stolen personal data of city workers have begun to be leaked by the attackers.
Moreover, hackers often favor weekends and holidays to launch attacks, when the majority of employees are out of office, so newer technologies that focus on automated prevention 24/7 must be added to the security stack.”
Ford Patents System for Self-Repossessing Vehicles…. Which Is Not A Good Idea From My Perspective
Posted in Commentary with tags Ford on March 4, 2023 by itnerdAs reported by Car and Driver & others, the Ford Motor Company has filed a patent with the USPTO for systems and methods that aid in vehicle repossession.
What could possibly go wrong?
Ford first filed for the patent in 2021 but it was formally published just last week. The idea is to allow the automaker to ease the process of repossession. The patent describes how fully autonomous self driving vehicles could repossess themselves, returning the car directly to the lender or in the case of a car that has too little value, it could drive itself directly to the junkyard! Other methods suggested in the patent involve limiting vehicle functions such as A/C, power windows, power seats, etc., or locking owners out of the vehicles.
Malicious or not, anyone gaining access to these systems of control could do anything from sending the cars on joyrides, to theft, to ransomware demands
It’s a bad novel just waiting to be written.
Morten Gammelgaard, EMEA, co-founder of BullWall had this comment:
“This situation is fraught and in need of immediate legislative guardrails. Given the Equifax and Experian breaches and how many people suffer because of false reporting on their credit scores how is the public to have faith in such technologies? We do not want technology to make it easier to expose consumers falsely and unfortunately recent history has proven even large enterprises cannot be trusted to guard against such abuse.”
Ted Miracco, CEO of Approov Mobile Security follows up with this:
“After reading about Bing going rogue, I can’t help but wonder what kind of joyride a fully autonomous vehicle would take if it went rogue. Would it just endlessly circle around the city, enjoying the freedom of the open road without a driver? Or would it become a rebel and join forces with other autonomous vehicles to form a robot revolution? One thing’s for sure, if the cars do start repossessing themselves, the poor repo man might just have to find a new line of work along with the displaced tech writers whose cars he was hoping to repossess!”
I really hope that Ford is only doing this to grab headlines. Because if they actually go ahead with this, I can easily see how they would live to regret it.
Leave a comment »