LockBit attacks California’s Department of Finance

California’s Department of Finance has been targeted by a cyberattack claimed now by LockBit ransomware.

The California Cybersecurity Integration Center, a consortium of federal and state agencies that are dedicated to cyber security protection, has initiated an investigation.

Ongoing investigation

The California Governor’s Office of Emergency Services confirmed that the Department of Finance was affected by cyber incidents, but didn’t provide any further details.

The intrusion was detected and prevented by coordination between federal and state security partners. After identifying the threat, online threat-hunting and digital security experts were quickly deployed to quickly assess its extent and evaluate, limit, and mitigate any future vulnerability” –

The extent of the damage done by hackers and how they were able to hack the department are not known. The state of California claims that the hack did not affect state funds.

LockBit says 75GB worth of files have been stolen

The LockBit ransomware gang announced Monday that they had breached California’s Department of Finance and stolen confidential financial data and IT documents.

The hackers released a handful of screenshots of files that they claimed to have stolen from California’s Department of Finance.

source: BleepingComputer

Hackers also uploaded a screenshot showing the directory structure and number of files. A properties dialog displays a total of 75.3GB data, with more than 246,000 files stored in over 114,000 folders.

LockBit’s data leaked site displays a counter for payment by December 24, and threatens to publish the entire files until they pay.

A disgruntled operator leaked the secret code that allowed for LockBit encryption and decryption in September.

One week later, an unknown group calling itself began using the device in attacks on a Ukrainian entity.

A 33-year old Russian national, suspected of being connected to LockBit’s ransomware gang, was detained in Ontario, Canada, October. The ransomware was believed to be used on large industrial and critical infrastructure.

Europol stated at the time that this individual was a “high value target” due to his involvement with numerous ransomware cases. They demanded between EUR5 and EUR70 millions from victims.

LockBit’s operators tend to focus on large corporations and being active in the ransomware market.

This year, LockBit’s victims include the automotive company and security firm .

This gang is driven by financial goals and was the first to create a that offers rewards up to $1,000,000 for any vulnerabilities found on their website, lockers, or new ideas in order to expand their operations.