Cyber Incident Victim: City of Modesto

Date: Feb 2023

Location: United States of America

Summary

Two California cities experienced ransomware attacks within days of each other, disrupting municipal operations and forcing emergency service adaptations. Oakland confirmed a ransomware incident that prompted precautionary shutdowns of affected systems, causing service delays while core emergency functions remained operational. Modesto detected suspicious network activity leading to partial disconnections; its police department relied on handheld radios and manual methods for patrols due to prolonged computer outages, though emergency call services were unaffected. Both municipalities engaged cybersecurity experts and law enforcement to investigate the incidents.

Description

The cities of Oakland and Modesto in California experienced a disruptive cyber incident in early February 2023, causing significant impacts to their respective municipal operations. The incident, which was later identified as a ransomware attack, highlighted the growing threat of cyberattacks targeting critical infrastructure and the potential consequences for public safety and city management.

In Oakland, city officials confirmed a ransomware incident that began on the evening of Wednesday, February 8th. The attack affected the city's municipal networks, prompting the Information Technology Department to coordinate with law enforcement and cybersecurity experts to assess the scope and severity of the breach. As a precautionary measure, all impacted city services were taken offline to prevent further disruption and to facilitate the investigation. Oakland officials reassured the public that core functions, including 911 emergency services and financial data, remained intact and unaffected by the attack. However, the city anticipated delays in providing certain services during the restoration process and pledged to keep the public informed as more information became available.

Meanwhile, in Modesto, the local police department encountered a computer outage that forced them to adopt "old-school policing" tactics. Anonymous sources revealed that the police force had been grappling with disrupted computer systems for several days before the incident gained public attention. Despite the challenges, Modesto officials assured the public that their ability to facilitate emergency services and answer 911 calls remained fully operational, demonstrating the city's swift response to maintain critical functions. While a ransomware attack was not explicitly confirmed, Modesto officials acknowledged detecting "suspicious activity" within their networks, prompting them to proactively disconnect portions of the network to mitigate potential risks.

The simultaneous timing of these attacks raised concerns about the vulnerability of critical infrastructure to cyber threats. As neighboring cities, Oakland and Modesto faced similar challenges in protecting their digital assets and ensuring the continuity of essential services. The impact of the attacks extended beyond the technical realm, underscoring the human element of cyber incidents. The dependence of modern policing on technology was evident as officers had to fall back on analog tools like handheld radios, pens, and paper during patrols, showcasing the potential disruption to operational effectiveness and response times.

In the aftermath of the attacks, both cities embarked on a path of recovery and resilience. Investigators and cybersecurity experts played a pivotal role in unraveling the intricacies of the attacks, identifying vulnerabilities, and recommending enhancements to bolster future defense capabilities. The process of restoring affected systems and data was meticulous, ensuring that all remnants of malicious software were eradicated to prevent recurrence. The cities also seized the opportunity to reevaluate their cybersecurity postures, implementing measures to fortify their digital defenses and safeguard sensitive information.

The incident drew attention to the evolving landscape of cyber threats and the increasing targeting of local governments and critical infrastructure. The disruption caused by the attacks underscored the importance of proactive cybersecurity measures, including robust network monitoring, employee training, and comprehensive backup strategies. As cyber threats continue to evolve in sophistication and frequency, local governments and organizations must remain vigilant and adaptive in their defense strategies to protect the interests of their constituents and maintain the integrity of their operations.

The response and recovery efforts undertaken by Oakland and Modesto exemplified the resilience of communities in the face of cyber adversity. Through collaboration with law enforcement, cybersecurity experts, and the dedication of city officials, the cities navigated the challenges posed by the attacks. The incident served as a catalyst for heightened awareness, fostering a stronger culture of cybersecurity and reinforcing the necessity of proactive defense mechanisms. As digital transformation continues to shape the landscape, local governments are poised to embrace more robust cybersecurity frameworks, safeguarding their operations and the well-being of their citizens.
