City of Oakland Ransomware Attack

Last updated: April 1, 2025

Target Audience

Keywords

Introduction

Overview

The City of Oakland experienced a severe ransomware attack in February 2023, leading to a local state of emergency. The attack disrupted critical city services, including payroll systems, and resulted in the leak of 600GB of sensitive data after the city refused to pay the ransom. A lawsuit from the Oakland Police Department union followed, prompting increased investments in cybersecurity infrastructure.

Vulnerability Details

On February 8, 2023, a ransomware attack targeted the City of Oakland, impacting multiple municipal systems. The attack was carried out by the ransomware group Play, which encrypted city data and demanded a ransom. When the city refused to comply, the attackers leaked employee and resident data online, with a second data dump reaching 600GB. In response, Oakland declared a local state of emergency and began restoring systems from backups. The incident led to legal challenges and a budget allocation of $10 million to enhance IT security.

Learning Objectives

  • Understand the impact of ransomware attacks on municipal governments
  • Analyze the response and recovery strategies following a cyberattack
  • Evaluate key lessons learned from the incident

Terminal Description

Answer the following questions to assess your understanding of the City of Oakland ransomware attack.

  • Read the case study details carefully.
  • Select the most appropriate answer for each multiple-choice question.
  • Review key lessons from the breach and understand mitigation strategies.

Relevant articles and reports on municipal ransomware attacks.

Module Questions

What did the City of Oakland declare in response to the ransomware attack?
When did the ransomware attack on the City of Oakland occur?
Which ransomware group claimed responsibility for the attack?
What was one of the critical systems impacted by the ransomware attack?
What happened after the City of Oakland refused to pay the ransom?
How much data was leaked in the second data dump published by the attackers?
What was the City of Oakland's response to the ransomware attack in terms of system restoration?
What legal action was taken against the City of Oakland following the breach?
How much has the City of Oakland budgeted to strengthen its IT systems and networks?
What is one of the key lessons learned from the attack?