California’s Department of Finance Investigating Cybersecurity Incident
The California Department of Finance has confirmed that it is investigating a ‘cybersecurity incident’ after the prolific LockBit ransomware group claims to have stolen confidential data from the agency.
Background on the Incident
According to a statement released by the California Office of Emergency Services (Cal OES), the threat was identified through coordination with state and federal security partners. The statement does not provide any specifics about the nature of the incident, who was involved or whether any information had been stolen.
The California Department of Finance did not respond to TechCrunch’s questions prior to publication. However, in a statement provided by Cal OES, officials stated that "while we cannot comment on specifics of the ongoing investigation, we can share that no state funds have been compromised, and the department of finance is continuing its work to prepare the governor’s budget that will be released next month."
LockBit Ransomware Group Claims Responsibility
The notorious LockBit ransomware gang has claimed responsibility for the attack. In a post on its dark web leak site seen by TechCrunch, the Russia-affiliated group claims to have stolen 76GB of files from the agency, including "databases, confidential data, financial documents, certification, IT documents, and sexual proceedings in court."
Screenshots shared by LockBit lend some weight to its claim. However, the ransomware gang’s claims should still be taken with skepticism. In June, the group claimed it breached cybersecurity company Mandiant, which was later revealed as false.
History of LockBit Ransomware
LockBit has a history of aggressive and high-profile attacks. The group has claimed at least 1,000 victims in the United States and has extracted tens of millions of dollars in actual ransom payments from their victims.
In November, the U.S. Department of Justice charged a dual Russian and Canadian citizen linked to LockBit over his alleged involvement in attacks targeting critical infrastructure and large industrial groups worldwide.
Ransomware Recovery Can Be Costly
Ransomware recovery can be costly, and not just because of the ransom. According to experts, the cost of recovering from a ransomware attack can range from tens of thousands to millions of dollars, depending on the severity of the incident.
In addition to the financial costs, ransomware attacks can also result in significant downtime, lost productivity, and reputational damage for affected organizations.
What This Means for California’s Department of Finance
The investigation into the cybersecurity incident at the California Department of Finance is ongoing. While officials have stated that no state funds have been compromised, the fact that LockBit claims to have stolen 76GB of files raises concerns about the potential impact on the agency’s operations and reputation.
As the investigation continues, it remains to be seen whether the ransomware gang will follow through on its threat to leak the stolen data if its demands are not met.
Timeline of Events
- November: The U.S. Department of Justice charges a dual Russian and Canadian citizen linked to LockBit over his alleged involvement in attacks targeting critical infrastructure and large industrial groups worldwide.
- December 24: LockBit gives California’s finance department a deadline to pay its as-yet unspecified ransom demand.
Related News
- Clop Ransomware Gang Names Dozens of Victims Hit by Cleo Mass-Hack, But Several Firms Dispute Breaches
- PowerSchool Data Breach Victims Say Hackers Stole ‘All’ Historical Student and Teacher Data
What’s Next?
The investigation into the cybersecurity incident at the California Department of Finance is ongoing. As more information becomes available, we will provide updates on this developing story.
In the meantime, experts recommend that organizations take proactive measures to prevent ransomware attacks, including:
- Implementing robust cybersecurity protocols and regularly updating software
- Conducting regular backups and testing disaster recovery plans
- Educating employees about phishing and other social engineering tactics used by attackers
- Investing in incident response planning and training
By taking these steps, organizations can reduce their risk of falling victim to a ransomware attack and minimize the potential impact if an incident does occur.