The city of Auckland is on the defensive after it began exposing data stolen by ransomware attackers who broke into the municipality’s network last month.
City officials issued a statement on Friday, apologizing for the continued disruption the incident has caused.
“We have recently become aware of an unauthorized third party that has obtained certain files from our network and is attempting to publish that information.”
“We are working with third-party experts and law enforcement on this issue and are actively monitoring unauthorized third-party claims to investigate their effectiveness. If we determine that the information is relevant, we will notify the individual in accordance with applicable law.”
According to reports, actors associated with the ransomware group Play have actually started exposing stolen files. It is not yet known what data was obtained, but it most likely contained personal information of city employees.
The city was forced to declare a state of emergency after the first incident last month. This gives you access to additional resources from the California Governor’s Office of Emergency Services (CalOES). This includes IT professionals from CalOES and other state departments such as the California State Department of Defense.
They are still working on “restore workstations”, suggesting the ransomware could cause significant damage.
911 services were not affected, but non-emergency systems were taken offline after the February 8 breach.
According to an update on February 28, the city’s OAK311 phone system has been restored, as has the permit application system. However, an online corporate tax payment system was not yet available at the time, and parking ticket cashiers could not process payments or receive calls.
Given the turmoil the city of Auckland is going through and Play Group’s decision to leak the stolen data, it appears Auckland did not pay the demanded ransom.
