The San Bernardino County Sheriff's Department is investigating a potential data theft after a ransomware group added the City of El Cerrito's administration to its list of victims.
The city, which houses more than 25,000 people and is around 10 minutes north of Oakland, now appears on the leak site owned by the LockBit organisation.
They are aware that after reportedly obtaining data from a few City of El Cerrito computers, fraudsters have threatened to post information on a website they operate away from the mainstream internet.
They are currently monitoring the statements made by the unauthorised actor to determine their veracity, and are collaborating with third-party cybersecurity experts and law enforcement on this subject.
Source: https://therecord.media/california-city-el-cerrito-investigates-data-theft-lockbit
TPRM report: https://scoringcyber.rankiteo.com/company/san-bernardino-county
{
  "id": "san41128823",
  "linkid": "san-bernardino-county",
  "type": "Ransomware",
  "date": "07/2023",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Public Administration',
'location': 'El Cerrito, California',
'name': 'City of El Cerrito',
'type': 'Government'}],
'data_breach': {'data_exfiltration': 'Yes'},
'description': "The San Bernardino County Sheriff's Department is "
'investigating a potential data theft after a ransomware group '
'added the City of El Cerrito to its list of victims. '
'Fraudsters have threatened to post information on a website '
'they operate away from the mainstream internet.',
'impact': {'data_compromised': 'Potential data theft from city computers',
'systems_affected': 'City of El Cerrito computers'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'LockBit'},
'response': {'enhanced_monitoring': 'Yes',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'Yes'},
'threat_actor': 'LockBit',
'title': 'Potential Data Theft and Ransomware Attack on City of El Cerrito',
'type': 'Ransomware and Data Theft'}