Following a Feb. 8 ransomware attack, Oakland, Calif., is still working to secure its infrastructure and restore government services.
In the immediate aftermath of the attack, the Oakland IT Department took much of its network offline. The city said that 911 dispatch, fire emergency services, and the city’s financial systems have not impacted. But many other systems remain down following the city’s decision to take portions of the network offline.
As of Feb. 20, the city was able to restore access to critical public safety services. Additionally, Oakland restored access to public computers, and scanning, printing, copying and internet service at libraries, and wireless internet services throughout city facilities.
In order to aid in Oakland’s recovery efforts, Interim City Administrator G. Harold Duffey declared a local state of emergency. That declaration is allowing the city to expedite procurement of equipment and materials, activate emergency workers if needed, and issue orders on an expedited basis.
While many critical services have been restored, some continue to remain unavailable.
On Feb. 15, the city said it remained unable to collect payments, process reports, and issue permits and licenses. As a result, some city buildings were closed. As a work-around, city leaders encouraged the public to email the service counters they want to visit before coming to city buildings. In response to an upcoming deadline for the Business Tax License – which has an associated late fee – the city provided a 45-day extension before it will impose a late fee.
Despite issuing numerous updates on recovery steps, the city has not provided any information about who it believes may have committed the ransomware attack, or what specific information they have gained access to. Rather, the city has focused on communicating what information the cybercriminals did not gain access to.
Early on, the Oakland IT Department reported that it was working with a forensics firm to perform an extensive incident response and analysis, as well as with additional cybersecurity and technology firms on recovery and remediation efforts.