A notorious and prolific ransomware operation claimed on Monday to have stolen 76 gigabytes of data from the California Department of Finance.
In a statement on its website posted early Monday, LockBit — a group the U.S. Department of Justice describes as one of the “most active and destructive ransomware variants in the world” — announced that it targeted systems belonging to the California Department of Finance and gave the agency a Dec. 24 deadline, when the group is threatening that it will publish the stolen files.
LockBit claims that its haul of stolen data includes “databases, confidential data, financial documents” and, curiously, “sexual proceedings in court.” The group posted seven screenshots of what appear to be mundane budget documents, an old contract, and a screenshot from a file directory showing multiple other document folders — dated Dec. 7 and Dec. 8 — totaling 75.7 gigabytes. The group’s ransom demands are not clear.
The California Governor’s Office of Emergency Services said in a statement that the California Cybersecurity Integration Center (Cal-CSIC) is “actively responding to a cybersecurity incident involving the California Department of Finance.” The statement noted that “no state funds have been compromised,” but did not address whether records were accessed and, if so, which ones.
