{ "id": "7704dd4a-41a3-49a2-bb74-4d09cd4b1315", "created_at": "2026-04-06T00:15:49.33657Z", "updated_at": "2026-04-10T03:22:01.431775Z", "deleted_at": null, "sha1_hash": "f32ffb2c8cf7638c2c74301df3d6fb0b22223c32", "title": "LockBit claims attack on California's Department of Finance", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2932110, "plain_text": "LockBit claims attack on California's Department of Finance\r\nBy Ionut Ilascu\r\nPublished: 2022-12-13 · Archived: 2026-04-05 20:47:17 UTC\r\nThe Department of Finance in California has been the target of a cyberattack now claimed by the LockBit ransomware gang.\r\nAn investigation has been started by the California Cybersecurity Integration Center (Cal-CSIC), a group of state and federal\r\nagencies dedicated to protecting against cyber threats.\r\nOngoing investigation\r\nCalifornia Governor’s Office of Emergency Services has confirmed that the Department of Finance has been affected by a\r\ncyber incident but did not provide too many details.\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-claims-attack-on-californias-department-of-finance/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-claims-attack-on-californias-department-of-finance/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n“The intrusion was proactively identified through coordination with state and federal security partners. Upon identification\r\nof this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion\r\nand to evaluate, contain and mitigate future vulnerabilities” - California’s Office of Emergency Services\r\nIt is unclear how much damage the hackers did or how they managed to breach the department. However, the state of\r\nCalifornia says that state funds remained unaffected by the attack.\r\nLockBit claims 75GB of stolen files\r\nOn Monday, the LockBit ransomware gang posted on their leak site that they had breached the Department of Finance of the\r\nstate of California and stole databases, confidential data, financial documents, and IT documents.\r\nTo prove their claim, the hackers published a few screenshots of files they allegedly exfiltrated from the systems of the\r\nDepartment of Finance in California.\r\nsource: BleepingComputer\r\nThe hackers also posted a screenshot of the directories and the number of files stored. The properties dialog shows a count\r\nof over 246,000 files in more than 114,000 folders amounting to 75.3GB of data.\r\nLockBit’s data leak site shows a counter to get paid by December 24, threatening to publish all the files unless they get their\r\nransom.\r\nThe builder that allows generating an encryptor and decryptor for LockBit ransomware was leaked in September by a\r\ndisgruntled operator.\r\nA week after that, a new group calling themselves BlooDy Ransomware Gang started using it in attacks against a Ukrainian\r\nentity.\r\nIn October, a 33-year-old Russian national suspected to be connected to the LockBit ransomware gang was arrested in\r\nOntario, Canada. He is believed to have deployed the ransomware on critical infrastructure and large industrial\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-claims-attack-on-californias-department-of-finance/\r\nPage 3 of 4\n\norganizations.\r\nAt the time, Europol said that the individual is a \"high-value target due to his involvement in numerous high-profile\r\nransomware cases,\" demanding between €5 to €70 million from the victims.\r\nLockBit operators are typically focusing on extorting large companies and are among the most active on the big-money\r\nransomware scene.\r\nAmong the LockBit victims this year are automotive giant Continental, security company Entrust, and the Italian Internal\r\nRevenue Service (L'Agenzia delle Entrate).\r\nThe gang is financially driven and is the first one to introduce a bug bounty program, offering rewards of up to $1 million\r\nfor vulnerabilities in their websites, locker, and new ideas to grow their operation.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/lockbit-claims-attack-on-californias-department-of-finance/\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-claims-attack-on-californias-department-of-finance/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/lockbit-claims-attack-on-californias-department-of-finance/" ], "report_names": [ "lockbit-claims-attack-on-californias-department-of-finance" ], "threat_actors": [], "ts_created_at": 1775434549, "ts_updated_at": 1775791321, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f32ffb2c8cf7638c2c74301df3d6fb0b22223c32.pdf", "text": "https://archive.orkl.eu/f32ffb2c8cf7638c2c74301df3d6fb0b22223c32.txt", "img": "https://archive.orkl.eu/f32ffb2c8cf7638c2c74301df3d6fb0b22223c32.jpg" } }