Ransomware group behind Oakland attack targets city in Massachusetts

The cybercrime group that launched a devastating attack on the city of Oakland has taken credit for yet another breach of a local government — this time naming the Massachusetts city of Lowell as its latest victim.

The city — home to more than 111,000 people and about a half hour drive from Boston — announced a “cyber-related incident” April 24 that disrupted its network and impacted “a variety of systems.”

City officials said they decided to segment the affected technology but admitted that servers, networks, phones and other systems throughout the city became inaccessible. The city’s 911, fire and emergency phone systems were not affected by the attack.

On Wednesday evening, the Play ransomware group took credit for the attack, claiming to have stolen an undisclosed amount of data that includes personal data, passports, government IDs, financial documents, budgets, departmental files and more.

The gang said it would release the stolen data on May 10.

‘Expect delays’

State and federal law enforcement agencies have begun an investigation into the Lowell incident. The city was forced to keep several systems offline while working through recovery efforts.

The city said it is still accepting tax payments for things like real estate, motor vehicles, water utilities and more through its online system but noted that the payments “may not be immediately reflected against payments due online.”

“In the meantime, the public should expect delays when interacting with the City as we work towards recovery,” the city said.

While some telephone services were restored at City Hall on April 27, the city said on Tuesday that it is still working to restore phone access across all city buildings.

“The Lowell Fire Prevention Bureau and HAZMAT Division are still accessible to the public to answer any questions related to fire prevention and permitting needs,” the city told residents on Tuesday.

“Offices outside of City Hall, the Lowell Senior Center for example, are still working toward restoration – we will know more as the week advances.”

Another day, another city

The Play group first emerged in July 2022 targeting government entities in Latin America, according to Trend Micro, and most recently drew headlines for a damaging attack on the City of Oakland, which has spent weeks recovering from the incident.

Last month the gang published 600 gigabytes of Oakland government data after releasing an initial batch of 10GB in March. The leaks included troves of sensitive data stolen from the city’s police department, driver’s license numbers, Social Security numbers and even information on the city’s elected officials.

The attack on Lowell comes amid a streak of attacks targeting local governments. On Wednesday, the city of Dallas confirmed it was struggling with a ransomware attack that debilitated its police department, court system and more.

Ransomware groups have targeted both large and small cities across the U.S. — going after cities as large as Atlanta and Baltimore or as small as North Kingstown, Rhode Island, which recently announced that it dealt with its own ransomware attack.