No state funds have been compromised, according to a statement provided by the Governor’s Office of Emergency Services.
No state funds have been compromised, according to a statement provided by the Governor’s Office of Emergency Services.
Stay up to speed on all the latest local and national political news.
No state funds have been compromised, according to a statement provided by the Governor’s Office of Emergency Services.
Multiple federal and state agencies are responding to a cybersecurity attack on the California Department of Finance, state officials confirmed Monday.
No state funds have been compromised in the apparent hacking, according to a statement provided by the Governor’s Office of Emergency Services. The office said it could not provide any more specifics on the investigation as of Monday afternoon.
The update comes after Russian-affiliated ransomware group LockBit reportedly claimed the California Department of Finance was one of its latest victims.
According to Cybernews, LockBit has claimed hundreds of high-profile organizations as victims and threatened to leak data if unspecified demands were not met by Dec. 24. Cybersecurity experts say those demands typically involve money.
California officials did not directly respond to the report Monday morning.
The California Department of Finance serves as the chief fiscal policy advisor to the governor for the state’s budget and accounting. The department is involved in the state’s budgeting process, but does not have direct links to the state’s bank accounts and taxpayer funds. Those fall under other state offices and agencies.
The department’s servers and website were back online as of Monday. The attack was not expected to affect the governor’s state budget proposal, which has a legal deadline of January 10, sources told KCRA 3.
State officials did not say when exactly the threat was identified, but said it was found by state and federal agencies. Sources close to the investigation told KCRA 3 the state responded proactively in the early stages of the issue and worked over the weekend to take control of the situation.
“LockBit operates on what’s known as a ransomware-as-a-service basis,” said Brett Callow, a threat analyst for anti-virus software company, Emsisoft. “This simply means that people can sign up as affiliates and use the ransomware to carry out attacks, splitting the proceeds with the people who created it – and those affiliates can be based anywhere,” Callow said.
Callow noted a former employee of the Canadian government was accused of carrying out cyber-attacks using Russian ransomware last year.
Callow said ransomware groups first try to steal data, and once that’s accomplished, they’ll try to lock the target’s networks.
“Perhaps in this case they were successful in stealing data,” Callow said in California’s case. “Their attempt to encrypt the systems were blocked, which could explain why things got back to normal so quickly.”
“There is still the issue of what to do about the stolen data,” Callow said. “What did they obtain and how could that data be misused?”
The U.S. Department of Justice last month charged a Canadian national, Mikhail Vasiliev, for his participation in the LockBit global ransomware campaign.
Federal prosecutors have said LockBit has been deployed against at least 1,000 victims in the United States and around the world. LockBit affiliates have made at least $100 million in ransom demands and have extracted tens of millions of dollars in actual ransom payments from their victims, according to investigators. The FBI has been investigating the LockBit conspiracy since in or around March 2020, according to the U.S. Department of Justice.
Hearst Television participates in various affiliate marketing programs, which means we may get paid commissions on editorially chosen products purchased through our links to retailer sites.