California State Finance Department, Lockbit Ransomware’s Latest Victim
The Ransomware Group Claims to Have Stolen over 75 GB of Data.
Last updated on December 15, 2022
Lockbit, the notorius Russian-linked ransomware group, claims to have added nine new victims to its growing list of conquests. The Finance Department for the state of California is reportedly one of them. According to the announcement allegedly posted on the dark web, if the ransom demands aren’t met by December 24, the group threatens to leak data.
An investigation has already started, according to California Governor’s Office of Emergency Services. The California Cybersecurity Integration Center (Cal-CSIC), a group of state and federal agencies with the mission to protect the state against cybercrime, was tasked to investigate the threat.
The intrusion was proactively identified through coordination with state and federal security partners. Upon identification of this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities.
The LockBit ransomware group announced on Monday that they had broken into the California Department of Finance and stolen databases, confidential data, financial documents, and IT documents.
The hackers claimed that they were able to break into the IT infrastructure of the California Department of Finance, and they provided evidence by releasing a few screenshots of the stolen files they supposedly stolen.
The number of directories and files exposed by the hackers was also published online, according to Bleeping Computer. There are over 246,000 files and over 114,000 folders totaling 75.3GB of data, as displayed in the properties dialog.
$30,000 per Breached Server
Cyber threat pundit Dark Feed was among the first ones to tweet about the Lockbit latest attack, and was backed up shortly by Falcon Feedsio, another deep web watcher, who posted: “The Department of Finance, State of California, has been added to the list of victims by the Lockbit ransomware gang.”.
After the initial Twitter announcement, rumors began circulating on the social media platform that an initial access broker (IAB) was offering a way past the department’s cyber defenses for $30,000 per breached server, Cyber News explained.
Approximately at the same time that Lockbit claims to have breached the department’s cyber defenses, a screenshot of a post was made by an initial access broker (IAB) apparently offering a way past the cyber defenses.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.