Data Stolen From the City of Oakland Leaked by Ransomware Group

Written by Ari Denial, Cybersecurity & Tech Writer

The recent cyberattack on the City of Oakland, California has resulted in the Play ransomware gang leaking stolen data.

The declaration of a state of emergency by the City of Oakland, California, following a ransomware attack underscores the tangible impact cyberattacks can have: services were disrupted, and the attackers have leaked a multi-part RAR archive of 10GB, claimed to contain confidential documents, employee information, passports, and IDs.

The cyber-gang responsible for the attack uses a combination of encryption algorithms to secure the files, rendering them inaccessible without the decryption key. According to their claims, the hackers behind the Play Ransomware possess a “master key” that can decrypt all files affected by their malware. They also allege that they exfiltrate data from their victims before encrypting it and threaten to publish it online if the ransom is not paid within a specified time frame. The ongoing data leak involving the City of Oakland is a demonstration of this tactic.

Play Ransomware, which is also referred to as PlayCrypt, is a recently established ransomware operation that commenced its activities in June 2022. The ransomware adds the extension .play to the encrypted files and includes a note containing the term PLAY, as well as an email address for contacting the attackers, as stated by the cybersecurity company Avertium.

Following the ransomware attack on February 8th, the City’s IT systems were shut down until the network could be secured. Although emergency services and 911 were unaffected by the attack, numerous other systems were taken offline, including phone service, payment collection, report processing, and permit and license issuance.

The City of Oakland is collaborating with third-party specialists and law enforcement to address the situation and is closely monitoring the unauthorized third party’s assertions to assess their accuracy. In the event that the personal information of any individuals is discovered to be involved, they will be informed as per the applicable laws.

Although the perpetrator of the attack was initially unknown, it has been revealed, or at least claimed, that the Play Ransomware gang is responsible. Cybersecurity analyst and researcher Dominic Alvieri confirmed this on Twitter.

Payment Card Information of Two Million Users Leaked by Dark Web Marketplace BidenCash

Written by Ari Denial, Cybersecurity & Tech Writer

To mark its first anniversary, the carding platform BidenCash has released a free database containing 2,165,700 credit and debit cards on the internet.

While legitimate businesses celebrate their birthdays by offering discounts, cybercriminals like BidenCash mark their anniversaries by distributing stolen goods, as evidenced by their recent announcement of giving away credit card data.

The information that has been leaked consists of the complete names of the cardholders, along with their card numbers, bank information, expiry dates, and the card verification value (CVV) numbers. Additionally, the dataset contains the home and email addresses that are linked to the compromised cards.

The leaked data, which was first detected by Cyble researchers, is quite extensive and includes information on a minimum of 740,858 credit cards, 811,676 debit cards, and 293 charge cards.

While many of them were duplicates, there are still 2,141,564 unique payment cards among them, as confirmed by Andrea Draghetti, the Head of Threat Intelligence at D3Lab.

According to Draghetti’s statement to BleepingComputer, the enormous database also contains around 497,000 distinct email addresses, originating from over 28,000 different domains. This information could be extremely valuable as a tool for future targeted phishing scams or other fraudulent campaigns.

According to the threat intelligence firm Flashpoint, the carding shop has been operational since February 28, 2022, and has quickly climbed up the ranks to secure the fifth position in the total volume ranking.

Last October, the carding shop made available an additional dump of 1,221,551 credit cards for free. Similarly, as was observed this week, the criminals shared this information through a clearnet domain and multiple hacking and carding forums.

When D3Lab analyzed a random sample of the leaked credit cards at the time, they found that approximately 30% of them were “fresh,” meaning they could be used for committing financial fraud.