article featured image


Lockbit, the notorius Russian-linked ransomware group, claims to have added nine new victims to its growing list of conquests. The Finance Department for the state of California is reportedly one of them. According to the announcement allegedly posted on the dark web, if the ransom demands aren’t met by December 24, the group threatens to leak data.

An investigation has already started, according to California Governor’s Office of Emergency Services. The California Cybersecurity Integration Center (Cal-CSIC), a group of state and federal agencies with the mission to protect the state against cybercrime, was tasked to investigate the threat.

The intrusion was proactively identified through coordination with state and federal security partners. Upon identification of this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities.


75GB of Allegedly Stolen Data

The LockBit ransomware group announced on Monday that they had broken into the California Department of Finance and stolen databases, confidential data, financial documents, and IT documents.

The hackers claimed that they were able to break into the IT infrastructure of the California Department of Finance, and they provided evidence by releasing a few screenshots of the stolen files they supposedly stolen.


The number of directories and files exposed by the hackers was also published online, according to Bleeping Computer. There are over 246,000 files and over 114,000 folders totaling 75.3GB of data, as displayed in the properties dialog.

$30,000 per Breached Server

Cyber threat pundit Dark Feed was among the first ones to tweet about the Lockbit latest attack, and was backed up shortly by Falcon Feedsio, another deep web watcher, who posted: “The Department of Finance, State of California, has been added to the list of victims by the Lockbit ransomware gang.”.

After the initial Twitter announcement, rumors began circulating on the social media platform that an initial access broker (IAB) was offering a way past the department’s cyber defenses for $30,000 per breached server, Cyber News explained.

Approximately at the same time that Lockbit claims to have breached the department’s cyber defenses, a screenshot of a post was made by an initial access broker (IAB) apparently offering a way past the cyber defenses.


LockBit made its first appearance as a RaaS (ransomware-as-a-service) operation in 2019. LockBit operators are among  the most active in the high-stakes ransomware scene, where they typically target large corporations for extortion. The automotive giant ContinentalThales Global Tech Company, UK insurance company Kingsfisher have all fallen victim to LockBit this year.

The official statement of California Governor’s Office of Emergency Services on the cybersecurity incident is available here.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo