City of Oakland hit with ransomware attack, but says 'core functions' are intact

The City of Oakland confirmed reports that its networks had been hit with ransomware after rumors emerged online that several agencies were having issues with systems on Thursday. 

City officials did not respond to requests for comment but released a statement on Friday afternoon saying the ransomware attack began on Wednesday night. 

“The Information Technology Department is coordinating with law enforcement and actively investigating the scope and severity of the issue. Our core functions are intact. 911, financial data, and fire and emergency resources are not impacted,” the officials said. 

“The City is following industry best practices and developing a response plan to address the issue. In an abundance of caution, ITD has taken affected systems offline while they work to secure and restore services safely. In the meantime, the public should expect delays from the City as a result. We are actively monitoring the situation and sending updated information as it becomes available.”

A spokesperson for the Oakland Police Department confirmed to The Record that they were still able to receive 911 emergency calls but noted that people can also file online crime reports if needed.

Oakland-based reporter Jaime Omar Yassin was the first to report that city officials were dealing with a ransomware incident. 

Confirmed: City Admin sent this email to employees tonight, confirming City experienced a ransomware attack its still recovering from. All City computers are offline from City network; VPN access offline. What this means for residents may only become evident in the coming days. https://t.co/lQROUREqcf pic.twitter.com/JCdBWYVq0j

— Trash Night Heron (@hyphy_republic) February 10, 2023

Late Thursday evening, Yassin said city officials sent an email out to government workers attributing IT outages to the ransomware attack that began on Wednesday. 

"ITD is following industry best practices and developing a response plan to address the issue. At this time, VPN access is offline and City computers are disconnected from the City network,” the email said. 

“In an abundance of caution, ITD asks staff to not plug back into the network until further notice. 911 Dispatch, City mobile devices, Office 365, NeoGov, OakWiFi, the City's website, Oracle and other services are not known to be impacted.”

Yassin noted that the city has long faced issues with keeping IT talent and was reportedly warned of cybersecurity deficiencies last year.

Several city workers took to social media to complain about the outages, which even affected local libraries.

The computers at every Oakland Public Library were reportedly down, forcing librarians to use routing slips to transfer books from branch to branch. 

computers are down at every Oakland Public Library, so we're back to the old ways. this routing slip, which is used to send a book from branch to branch, is so old the 81st Branch didn't even exist yet pic.twitter.com/Ym4DJbFOTN

— Liam Curley (@liammcurley) February 10, 2023

The San Jose Sun also reported that the city of Modesto – about an hour and a half away from Oakland – was also dealing with a citywide ransomware attack that forced the police department to revert back to radios.

A spokesperson for the city confirmed to The Record that it recently detected suspicious activity on its digital network.

"Upon learning of this suspicious activity, we strategically disconnected portions of our network out of an abundance of caution. We have also initiated an investigation with leading cybersecurity experts. At this time, the City is experiencing limited connectivity to some systems," said Andrew Gonzales, legislative affairs manager for the city of Modesto.

"Our ability to facilitate city services including emergency service and answer 911 calls is fully operational."

Ransomware attacks on cities as large as Oakland have become rarer in recent years as governments step up their cybersecurity protections and groups target smaller governments with less resources. New Orleans, Atlanta and Baltimore dealt with crippling attacks in 2018 and 2019. Tulsa also reported an attack by the Conti ransomware group in 2021. 

Atlanta was forced to spend more than $9.5 million recovering from the incident and Baltimore reportedly spent $19 million dealing with their attack. 

One month ago, San Francisco dealt with a ransomware attack on its Bay Area Rapid Transit that later led to the leak of troves of sensitive information from the railway's police force.