A devastating ransomware attack that began on February 8th against the City of Oakland resulted in network outages to the city’s systems, prompting the city administrator to declare a state of emergency to expedite the city’s system restoration process.
The city temporarily shut down its 311 call line that coordinates requests for city services. The call line is an internal system for contracting and funding external vendors, the permit center for local developments, and the systems that handle business tax and parking fee payments.
Since the initial breach, stolen personal and financial files from the attack have been leaked onto the dark web by the ransomware group, Play. City officials confirmed that the hacker group that released sensitive personal information in February was also responsible for a data dump on the dark web of 600 gigabytes of information. The data includes social security numbers, home addresses, and medical data from thousands of current and former city workers.
The City of Oakland isn’t the first local government targeted by the ransomware group, also known as PlayCrypt. They have directed attacks on various municipalities and businesses around the world.
How to prevent these types of attacks
There’s a significant difference between cyber detection and response on the one hand and prevention and elimination on the other. Cyber detection and response are reactive, defending after threats have already entered the network to exploit systems and exfiltrate data. Prevention and elimination are proactive, removing vulnerabilities before bad actors can find and exploit them.
The City of Oakland ransomware breach may have been prevented by following some basic cybersecurity practices such as:
- Conducting automated penetration testing
- Keeping software up to date
- Using strong passwords and two-factor authentication
- Backing up data regularly at an offsite location
- Training employees to recognize phishing emails and other social engineering tactics
- Restricting access to sensitive data and systems
- Using firewalls and endpoint security software
Automated pentesting has proven to be quite effective
While no silver bullet will prevent ransomware attacks, automated penetration testing has proven to be an effective proactive security measure that enables government agencies and commercial businesses to turn the tables on attackers, moving from victims to hunters.
RidgeBot is an automated penetration testing robot for risk-based vulnerability management. To fight against cyber criminals, many organizations conduct red-team and blue-team exercises. The red team consists of offensive security experts who try to attack an organization’s cybersecurity defenses, and the blue team defends against and responds to red team attacks.
Ridge Security has automated this process with bots we call RidgeBots. They act like human attackers, relentlessly locating exploits, then documenting their findings. Unlike humans, RidgeBots are armed with dynamic attack strategies that move from one target to the next. RidgeBot automated pentesting is affordable and runs at enterprise scale.
RidgeBot conducts four primary steps:
- Discovers active assets like servers, network devices, operating systems, and websites.
- Scans and reports on discovered assets and attack surfaces, including weak URLs, open ports, and system vulnerabilities. Beyond software mapping, scanning uses actual payloads to detect vulnerabilities.
- Exploits using ethical hacking skills learned from human testers, launching sophisticated, joint, and iterative attacks.
- Conducts post-exploit verification to indicate whether specific configurations allow hackers to move laterally further into the environment, using testing techniques like privilege escalation, pass-the-hash, etc.
RidgeBot has a ransomware template specifically designed to combat ransomware attacks. Capabilities include scanning for 27 high-profile ransomware entry point vulnerabilities, launching attacks to exploit these vulnerabilities, and providing detailed reporting on how successful test exploits were achieved.