City of Oakland declares state of emergency after ransomware attack

Oakland has declared a local state of emergency because of the impact of a ransomware attack that forced the City to take all its IT systems offline on February 8th.

Interim City Administrator G. Harold Duffey declared a state of emergency to allow the City of Oakland, California, to expedite orders, materials and equipment procurement, and activate emergency workers when needed.

"Today, Interim City Administrator, G. Harold Duffey issued a local state of emergency due to the ongoing impacts of the network outages resulting from the ransomware attack that began on Wednesday, February 8," a statement issued today reads.

The incident did not affect core services, with the 911 dispatch and fire and emergency resources all working as expected.

While last week's ransomware attack only impacted non-emergency services, many systems taken down immediately after the incident to contain the threat are still offline.

The ransomware group behind the attack is currently unknown, and the City is yet to share any details regarding ransom demands or data theft from compromised systems.

A City of Oakland spokesperson could not provide additional details when BleepingComputer reached out for more information immediately after the incident was disclosed.

"The City's IT Department is working with a leading forensics firm to perform an extensive incident response and analysis, as well as with additional cybersecurity and technology firms on recovery and remediation efforts," the statement said.

"This continues to be an ongoing investigation with multiple local, state, and federal agencies involved."

​Almost three years ago, in July 2019, Louisiana Governor John Edwards also declared a state of emergency after a wave of ransomware attacks that hit the state's school districts.

That month, the IT systems of school districts in Morehouse, Sabine, Monroe City, and Ouachita were all taken offline after being encrypted with ransomware causing state-wide disruptions to school systems.

The Federal Motor Carrier Safety Administration (FMCSA) also issued a regional emergency declaration affecting 17 states and the District of Columbia after a DarkSide ransomware attack took down Colonial Pipeline, the largest fuel pipeline in the United States.

Emsisoft threat analyst Brett Callow said that "at least 6 U.S. local governments have been impacted by ransomware already this year, with at least 4 of them having had data stolen."

Microsoft also revealed in January that it's now tracking more than 100 ransomware gangs known to have deployed over 50 unique ransomware families until the end of last year.