The Play gang discloses data stolen from the City of Oakland
The initial data leak consisted of a 10GB multi-part RAR archive.

The Play ransomware gang has started to leak data from the City of Oakland, California, that was stolen earlier in a cyberattack.

The initial data leak consisted of a 10GB multi-part RAR archive that contained highly confidential documents, information about an employee, passports, IDs and other important documents.

“Private and personal confidential data, financial information. IDs, passports, employee full info, human rights violation information. For now partially published compressed 10gb,” stated the cybercriminals on their data leak site.

Image: Alleged City of Oakland data leaked on data leak site (Source: BleepingComputer)

The City said in a statement that it is investigating the situation and will soon provide detailed information to the individuals whose data has been exposed.

“While the investigation into the scope of the incident impacting the City of Oakland remains ongoing, we recently became aware that an unauthorized third party has acquired certain files from our network and intends to release the information publicly,” the City of Oakland said in a statement.

“We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party’s claims to investigate their validity. If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law.”

The City suffered the attack on 8th February. All the IT systems were taken offline until the network was secured.

Many systems were taken offline, including the phone service and the systems used for collecting payments, processing reports and issuing permits and licenses. However, the attack did not hit 911 and other emergency services.

After the attack, Oakland announced a local state of emergency to allow the City to expedite orders and the procurement of equipment and materials, and to activate emergency employees as needed.


Who is the Play Ransomware?

A comparatively recent ransomware organisation called Play, sometimes known as PlayCrypt, first emerged in June 2022. It received a huge amount of attention for its attacks on the German hotel business H-Hotels and the Córdoba Judiciary of Argentina. Organizations in South America, especially Brazil, are the main focus of Play.

The gang recently launched a ransomware attack against the hosting company Rackspace, and it used a unique exploitation technique.


What is ransomware?

Ransomware is a form of malware that blocks or restricts users’ access to their systems, either by locking the system’s screen or by encrypting the users’ files, until a ransom is paid.


What does ransomware do?

Once it gains access to a machine, ransomware can start encrypting its contents. Because encryption technology is integrated into the operating system, this only requires accessing the files, encrypting them with an attacker-controlled key, and then replacing the originals with the encrypted copies.