LockBit, the notorious Russian-linked ransomware group, claims to have added nine new victims to its growing list of conquests. The Finance Department for the state of California is reportedly one of them. According to the announcement allegedly posted on the dark web, the group threatens to leak data if its ransom demands aren’t met by December 24.
An investigation has already started, according to the California Governor’s Office of Emergency Services. The California Cybersecurity Integration Center (Cal-CSIC), a group of state and federal agencies with the mission to protect the state against cybercrime, was tasked with investigating the threat.
The intrusion was proactively identified through coordination with state and federal security partners. Upon identification of this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities.
75GB of Allegedly Stolen Data
The LockBit ransomware group announced on Monday that they had broken into the California Department of Finance and stolen databases, confidential data, financial documents, and IT documents.
The hackers claimed that they were able to break into the IT infrastructure of the California Department of Finance, and they provided evidence by releasing a few screenshots of the files they supposedly stole.
The number of directories and files exposed by the hackers was also published online, according to Bleeping Computer. There are over 246,000 files and over 114,000 folders totaling 75.3GB of data, as displayed in the properties dialog.
$30,000 per Breached Server
Cyber threat pundit Dark Feed was among the first to tweet about LockBit's latest attack, and was shortly backed up by Falcon Feedsio, another deep web watcher, who posted: “The Department of Finance, State of California, has been added to the list of victims by the Lockbit ransomware gang.”
After the initial Twitter announcement, rumors began circulating on the social media platform that an initial access broker (IAB) was offering a way past the department’s cyber defenses for $30,000 per breached server, Cyber News explained.
At approximately the same time that LockBit claims to have breached the department’s cyber defenses, an initial access broker (IAB) made a post, captured in a screenshot, apparently offering a way past those defenses.
LockBit made its first appearance as a RaaS (ransomware-as-a-service) operation in 2019. LockBit operators are among the most active in the high-stakes ransomware scene, where they typically target large corporations for extortion. The automotive giant Continental, global tech company Thales, and UK insurance company Kingfisher have all fallen victim to LockBit this year.
The official statement of the California Governor’s Office of Emergency Services on the cybersecurity incident is available here.