LockBit threatens to leak confidential info stolen from California's beancounters

LockBit claims it was behind a cyber-attack on the California Department of Finance, bragging it stole data during the intrusion.

The notorious ransomware gang boasted it exfiltrated 76GB from the state agency, which apparently included databases, confidential information, financial and IT documents, and, oddly enough, "sexual proceedings in court." LockBit has promised to publish "all available data" on December 24, presumably unless the California state government pays a ransom, although no information has been released about any monetary demand. 

To be clear: cybercriminals aren't the most trustworthy people. As Emsisoft threat analyst Brett Callow said, "It should be noted that not all of LockBit's past claims have been true."

#LockBit has listed the State of California's Finance Department. It should be noted that not all of LockBit's past claims have been true. 1/2 #ransomware pic.twitter.com/jmf5ap15xz

— Brett Callow (@BrettCallow) December 12, 2022

Officials in the US state did not go into much detail about the affair other than to confirm there had been a "cybersecurity incident." The California Cybersecurity Integration Center (Cal-CSIC) said it is "actively responding" to an intrusion into the Finance Department's IT network.

No state funds have been compromised, and the Department of Finance is continuing its work

The security breach was "proactively identified" through a coordinated state and federal effort, according to a statement. "Upon identification of this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities," the center added.

The response team includes the Governor's Office of Emergency Services, Department of Technology, California Military Department and California Highway Patrol.

"While we cannot comment on specifics of the ongoing investigation, we can share that no state funds have been compromised, and the Department of Finance is continuing its work to prepare the Governor's Budget that will be released next month," the statement said.

A spokesperson for the Governor's Office of Emergency Services declined to share any other details about the intrusion or to confirm LockBit's claims. 

• Inadequate IT partly to blame for NHS doctors losing 13.5 million working hours
• LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data
• LockBit ransomware gang claims it ransacked Italy's tax agency
• Lockbit wins ransomware speed test, encrypts 25,000 files per minute

Ransomware groups have attacked at least 101 state and local government agencies in the US this year, and at least 22 of those have had data stolen, according to Callow.

The LockBit gang has been around since 2019, deploying its malware against high-profile targets in multiple nations. According to US prosecutors, this ransomware strain has been deployed against more than 1,000 entities, and members of the gang have extracted "tens of millions" of dollars in ransom payments.

Last month, Canadian authorities arrested Mikhail Vasiliev, a suspected member of the infamous ransomware mob. The Canadian and Russian national is awaiting extradition to the US for his alleged involvement with LockBit. ®