State of emergency declared as City of Oakland grapples with ransomware attack
The City of Oakland has declared a state of emergency one week after a ransomware attack hampered local government operations.
In a statement on Tuesday, interim City Administrator G. Harold Duffey said he was issuing the declaration “due to the ongoing impacts of the network outages resulting from the ransomware attack” that began February 8.
“Oakland continues to experience a network outage that has left several non-emergency systems including phone lines within the City of Oakland impacted or offline,” Duffey said. The emergency declaration allows the city to "expedite the procurement of equipment and materials, activate emergency workers if needed, and issue orders on an expedited basis."
Duffey added that "many systems remain down" after the city's "network" was taken offline to contain the attack. The city has not commented further on which government departments are especially impacted.
The declaration cannot last more than one week unless ratified by the city council. It allows the city administrator to “promulgate orders, rules, and regulations on matters reasonably related to the protection of life and property and the preservation of public peace and order.”
The order also requests state and federal funds to cover the recovery costs associated with the attack.
The California city has attempted to implement workarounds to business processes, and the IT department is working with cybersecurity firms to remediate the incident. The city noted that multiple state and federal agencies are now involved in the response.
On Monday, the city confirmed that 911 emergency services were still functioning, but the Oakland Police Department said the ransomware attack “has delayed response times.”
If residents in need "don’t have an emergency or do not need an immediate emergency response," the department wrote on Facebook, they should use alternative reporting methods.
The city claimed that financial systems were not affected, despite a report in local media quoting an anonymous City Hall "insider" disputing that assessment.
Ransomware expert Brett Callow said at least six local governments have already reported ransomware attacks this year, with at least four of them having had data stolen.
Oakland-based reporter Jaime Omar Yassin was the first to report that city officials were dealing with a ransomware incident. On the evening of February 9, Yassin said city officials sent an email out to government workers attributing IT outages to the attack that began on Wednesday.
Workers were unable to access the city's virtual private network (VPN) and the effects of the attack reportedly extended to Oakland’s public libraries.
No ransomware group has taken credit for the attack.
“The ransomware incident affecting City of Oakland underscores a harsh reality that every governmental agency must confront: a ransomware attack isn’t just a remote possibility but rather a likely imminent event,” said Erfan Shadabi, comforte AG cybersecurity expert.
“The major objectives of the threat actors behind these attacks are to be able to halt operations, encrypt crucial operational data, and generally cause havoc in the provision of governmental services.”
Ransomware attacks on cities as large as Oakland have become rarer in recent years as governments step up their cybersecurity protections and groups target smaller governments with fewer resources. New Orleans, Atlanta and Baltimore dealt with crippling attacks in 2018 and 2019. Tulsa also reported an attack by the Conti ransomware group in 2021.
Atlanta was forced to spend more than $9.5 million recovering from the incident and Baltimore reportedly spent $19 million dealing with its attack.
One month ago, San Francisco dealt with a ransomware attack on its Bay Area Rapid Transit that later led to the leak of troves of sensitive information from the railway’s police force.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.