Play Ransomware Oakland Hack: Don’t Download Files

Oakland (Special to CESLasVegasNews.com) – Oakland is facing a cybercrime of giant proportions. The Play Ransomware Oakland pages that include links to files that are claimed to be sensitive actually inject malware into the host computer of the person who clicks on the link to download the file.

Play Ransomware has a marketing-type approach designed to get the victim to want to click on its links. They say the files contain confidential information on “human rights violations”. If that is the case, why can’t Play Ransomware just post the information on its website, rather than ask you to click on a link?

Malwarefixes.com reports the following news:

Play ransomware is injected into computers by means of spam email campaigns, fake software updates, Trojans, dubious software download sites, or unofficial activation tools. Play developers often send emails containing malicious attachments, usually executable files in particular such as JavaScript files, PDF documents, ZIP, RAR, and Microsoft office documents which ought to encourage target victims to view it. When opened, it can infect computers with high-risk malware like Play ransomware that operates by locating important and valuable files from user’s devices then encrypts and lock it using a strong algorithm.

Once data is corrupted by Play ransomware, it automatically appends a .play file extension. For example, image1.jpg becomes image1.jpg.play. Simultaneously, Play virus will create a text file containing the email address of the attackers, which is [email protected]. Normally, the note sent by attackers states that the files like photos, databases, documents and any other personal contents of the device are encrypted using a strongest algorithm. Hence, the case is different on this one because the text file only contains the email address.

City of Oakland Advised Not To Pay Play Ransomware

In this evaluation of what .Play does, PCRisk advised against paying Play Ransomware:

PLAY ransomware overview

PLAY’s message does not provide the standard information for ransom notes. This message does not inform victims of the data encryption, state the ransom size, or give payment instructions. The note consists of the program’s name (PLAY) and the attackers’ email address (which may vary depending on the variant).

Based on our extensive experience researching ransomware infections, we can conclude that decryption is usually impossible without the cyber criminals’ involvement. Furthermore, victims often do not receive the necessary tools to decrypt their data – despite meeting the criminals’ demands. Therefore, we advise against paying and thus inadvertently supporting this illegal activity.

Removing PLAY ransomware from the operating system will prevent it from further encryptions. Unfortunately, removal will not restore already compromised data. The only solution is recovering the files from a backup (if one is available).

Hence, we strongly recommend keeping backups in several different locations (e.g., unplugged storage devices, remote servers, etc.) – to ensure data safety.

And in his vlog, Zennie Abraham, Zennie62Media CEO and noted Oakland blogger and vlogger said not to download the files at all:

Hey everybody how you doing I’m gonna get right to the point play ransomware has purportedly downloaded first of all broken into city of Oakland’s computer system Network and downloaded what play ransomware claims to be
sensitive files personal information and strangely human rights violations I guess they’re referring to police I
don’t precisely know but I do know this I visited their website I have seen the pages where the files are on but I’m explaining to you and I’m not gonna get into how I technically believe you shouldn’t do this don’t download them no I will get in the way because think about it if play ransomware really had super sensitive files
that contain that were contain confidential information they wanted the public to really see then why don’t they just publish it why do I have to click on a link and download them from myself think about it why do I have to do that where’s the logic in that and will I really get what I expect to see if I press on that link and from what research I’ve done and from looking at the pages in their back end the answer is this no okay no you would say how do I know this well look most of my time is spent tending to my own server and installing new security systems that’s why time is spent doing that whereas other people who are in news don’t have that Talent more responsibility or desire which pretty much makes them smarter than me but anyway point I’m making is if play around somewhere was really interesting in Sharing sensitive confidential files because of the news in those files then they would take that information publish it on their own websites in English for everyone to see tell you where to go and that would be that but they didn’t do that so when you go and you click on that file you know what you’re going to bring
into your computer malware that’s right malware you won’t know it you won’t be able to see it malware that’s what you’re going to do bring in malware now hopefully you have the right computer system to catch that and stop it but if you don’t you got a problem okay everyone talks about how play around somewhere gets into a serveror network right and so the assumption is they stop there oh they’ve got this technique oh they use that technique oh they use eight different techniques oh they use this blah blah blah and then they might do this and they might and then once they get in there you do this and they spread all this around okay but no one ever tells you what’s encrypted in the files they want you to download right because the people who are writing about this are not in the business
of having to protect themselves from it let alone anyone else that’s why so as one who is partly in that business
I am telling you don’t download it at all at all it’s a fair chance that what playing around to where it claims to have just might not be as important as what they claim because if it were why not publish it you know why not
publish it just publish it put it out there what is it particularly human rights stuff what do you mean I mean
are we jailing people and treating them inappropriately then we need to know about that because hey that would add to a lot of other allegations and claims and could Aid some lawsuits in the end that would be the right thing to do
but as it stands now play ransomware isn’t doing anyone any good not even themselves someone there thinks hey I’ll mention that there’s human rights violations but it’s all designed to get you to click don’t be a fool don’t do it don’t click whatever information they claim to have let them show it in its entirety they have the means why not
subscribe to zennie62 and bookmark oakland news now blog.com

SecurityBoulevard.com reports the following:

Play Ransomware (also known as PlayCrypt) is a new ransomware known for their big game hunting tactics, such as using Cobalt Strike for post-compromise and SystemBC RAT for persistence. They have recently started exploiting the ProxyNotShell vulnerabilities in Microsoft Exchange. The group also has similar tactics and techniques to the ransomware groups Hive and Nokoyawa, leading researchers to believe Play is operated by the same people.

The Mayor of Oakland Sheng Thao has reported that 85 percent of The City of Oakland’s computer infrastructure has been recovered two months after the Play Ransomware Hack.

City of Oakland Issues Ransomwear Update, Reports Second Hack Attack

On April 4th, the City of Oakland reported a second hacker attack, one by a group called LockBit, but also noted for staging fake attacks. This is the City of Oakland update:

We have continued our thorough investigation into the ransomware incident with the assistance of cybersecurity professionals. Our extensive manual review of the data determined to be involved has to date determined that the personal information of certain current and former employees and a limited subset of residents – such as some individuals who filed a claim against the City or applied for certain federal programs with the City – was involved in this incident. We began notifying impacted employees in March and are mailing notification letters to impacted residents to provide them with further details and resources to help protect their personal information.

As a further community update, we recently became aware that the same unauthorized third party claiming responsibility for the ransomware incident has posted additional data allegedly taken from our systems during the incident in February to a website not searchable via the traditional Internet. We are working with third-party specialists and law enforcement to investigate and we will continue conducting a thorough review of the involved files. As noted above, we are in the process of notifying individuals whose information was involved in this incident, and will continue to do so in accordance with applicable law.

We encourage any individuals who receive a letter to contact the dedicated call center with any questions about the notice and how to sign up for services as applicable. That number is (866) 869-1861, and it is open Monday through Friday, 8:00 a.m. to 5:00 p.m., Pacific Time.

We remain committed to protecting the data we maintain, and regret any inconvenience or concern this incident caused our community. We will continue to provide pertinent updates and thank our community for their continued support.

Keep in mind that all of this is happening as Oakland has not settled in on a permanent Chief Administrative Officer. And on that note, where’s Tony Batalla, the City of Oakland’s Chief Information Officer, and head of the information technology office?

Since this happened, Tony Batalla has been competely silent, as Mayor Thao has issued the statement to the media. But he’s the person in charge of the area where this happened, as was hired in April of 2022, just last year. This should be his time to shine, this crisis, but what is he doing?

Stay tuned. Visit World News Media Network home page.