Dive Brief:
- California’s Department of Finance was hit by a cyberattack, and multiple state agencies are responding in coordination with the California Cybersecurity Integration Center. The state Office of Emergency Services is investigating the incident and is working to contain the impact and mitigate future vulnerabilities, according to a statement released Monday.
- The LockBit ransomware group listed the state’s finance department on its leak site Monday and claims it stole 76 GB of data from the department, including databases, financial documents, court filings and IT documents, according to Brett Callow, threat analyst at Emsisoft.
- California officials said the attack was proactively identified and “no state funds have been compromised,” but declined to provide further details.
Dive Insight:
LockBit, a Russia-affiliated ransomware group that has been on a spree of late, set a deadline of Dec. 24 for California’s Department of Finance to meet its ransom demand, according to a screenshot Callow posted on Twitter.
LockBit has attacked at least 1,000 organizations since it first appeared in January 2020, according to the U.S. Justice Department.
NordLocker research published in September found LockBit was the most prolific ransomware group between January 2020 and July 2022, responsible for 855 attacks, or 16% of all known cases, during the period.
LockBit also claimed responsibility for the June attack on cybersecurity vendor Entrust.
California officials have neither identified the threat actors behind the attack nor commented on the extent of any data loss. The state’s site for the annual budget is currently inaccessible.
“LockBit has falsely claimed attacks on organizations before, so this claim shouldn’t be assumed to be accurate. Nor should it be assumed that any data they did obtain is as described,” Callow said via email.
“The forensic work needed to work out what data was compromised can take weeks, and ransomware actors attempt to use this period of uncertainty to their advantage,” Callow said.
The California Cybersecurity Integration Center includes the state’s Office of Emergency Services, Department of Technology, the California Military Department and the California Highway Patrol.