LockBit Ransomware Group Breaches California’s Finance Department 
Reading Time: 2 minutes

LockBit Ransomware Group claims to have breached California’s Finance department stealing confidential data from the agency.

California Office of Emergency Services (Cal OES) on Monday said the threat was an “intrusion” that was “identified through coordination with state and federal security partners.”

There’s not much information given about the incident, including who it may have affected. The California Department of Finance also refused to comment to TechCrunch before publication.

The Division of Criminal Investigation is investigating specified leads. We cannot comment on any specific details of the investigation, but we can say confidently that no state funds have been compromised. Additionally, the department of finance is continuing its work on preparing the governor’s budget for release next month.

Officials refuse to comment on the alleged attack, but the notorious LockBit ransomware group on Monday claimed responsibility. In a post on our dark web leak site, seen by TechCrunch, they claim they stole 76GB of files from the agency. Files include databases, confidential data, financial documents, certification, IT documents, and more.

While screenshots shared by LockBit lend some weight to its claim, the gang’s claims should still be taken with a bit of skepticism. In June, the group claimed it breached cybersecurity company Mandiant, which was later revealed as false. The ransomware group faked the incident in response to a Mandiant investigation that demonstrated significant overlaps between LockBit and the U.S.-sanctioned Evil Corp group.

LockBit has given California’s finance department a December 24 deadline to pay its as-yet unspecified ransom demand. If the agency fails to pay, the ransomware gang threatens to leak the entire cache of stolen data.

This newest cyber breach comes just a month after the U.S. Department of Justice charged a dual Russian and Canadian citizen with attacking critical infrastructure and large industrial groups worldwide, in November 2018. At the time, the DOD said that LockBit has claimed at least 1,000 victims in the United States and has extorted tens of millions of dollars in actual ransom payments from their victims.

Related Articles:
Cryptomining Chaos RAT Targeting Linux Systems
Malware Strains Target Python and JavaScript Developers Through Official Repositories
Why Not to Become a Self-Taught Ethical Hacker in 2023?