City of Oakland posts statement on ransomware attack, as hackers begin posting data online

The City of Oakland Monday acknowledged that its servers have been hijacked by a hacker group called Play, in a cyberattack that has crippled the city's systems and compromised private data.

Mayor Sheng Thao declined to talk about the issue and the City Administrator's office was dark Monday afternoon.

Instead, a message was posted on the city's website acknowledging the ransomware attack and warning about a network outage. 

"Moving forward we will focus on strengthening the security of our information technology systems," said Mayor Sheng Thao in the statement on the website.

The hacker group ramped up the stakes over the weekend. Online, the group posted a statement declaring they have access to personal confidential data, financial information, IDs, passports, employee information, and human rights violation information.

The website indicated the page had more than 1,130 views.

The hacker group posted a link with a password for people to download part of the stolen data and issued a threat saying, "If there (sic) no reaction full dump will be uploaded."

Cooper Quintin, a Senior Staff Technologist with the Electronic Frontier Foundation, says the hacker group Play is not well-known, but has been flagged in the past by some cybersecurity websites that share bits of codes from various hacker groups in order help tech experts fight off attacks and improve security.

"It looks like they have ties to some pretty established ransomware groups like Conti, which was a big one as recently as last year," said Quintin.

Quintin was able to access parts of Play's hacker code from an online cybersecurity page.

"So this is a bespoke piece of software they've developed in house that they can, you know, on any computer system that they get a foothold on, they can deploy it and just instantly encrypt all the files and then send a message...demanding a ransom," said Quintin.

"These attacks can come through unpatched vulnerabilities in IT infrastructure, exploits that are previously unknown. Or even you know, phishing attacks...even just stolen account credentials, passwords, and usernames that were stolen off the internet or that were leaked and other hacks," said Quintin.

"What play has done is they have encrypted those files on Oakland City's servers with a code that only Play knows," said Quintin, "They have an unencrypted copy of the data, an unscrambled copy that they could read or give to whoever they want and Oakland doesn't have access to their own files unless they pay up,"

The City of Oakland posted this statement online, "We are dedicated to a thorough analysis to determine what and whose information is potentially involved, which will take time to complete. We are also coordinating this effort with law enforcement, including the FBI."

"We are asking business owners, please check your bank regularly," said Carl Chan, President of the Oakland Chinatown Chamber Foundation.

Chan says many Oakland businesses are worried about their tax and banking account information being made public.

The cyber attack has made a mess of the city's critical computing infrastructure, so businesses were unable to pay taxes by the March 1st deadline. 

"Many of our business owners, they also worry about, you know, paying the business tax late," said Chan.

The city has tried to respond to the downed systems by offering extensions on contracts and extending the business tax deadline until April 17th.

The city urges businesses and individuals to monitor their accounts for the next 24 months and report any potential fraud.

Quintin says there are some important measures everyone should take to protect themselves.

"Keep backups because if you do get ransom if you do get infected with ransomware, you can restore from the backups if you have them, but if you don't have them, then you have to make this choice about whether to pay or whether to lose all your files," said Quintin.

Quintin says it's critical for people to update their software regularly and for cities such as Oakland to invest more in cybersecurity teams.

Jana Katsuyama is a reporter for KTVU.  Email Jana at and follow her on Twitter @JanaKTVU or Facebook @NewsJana or