However, the release of data was later delayed to Nov. 7, and it looks like Play is holding up its end of the bargain, according to a screenshot posted on X (formerly Twitter).
“For now partially published compressed 5gb. If there is no reaction full dump will be uploaded,” reads the post. It’s still uncertain what data was released, but the group has penned similar messages before as part of previous ransomware attacks.
The exact same message was used when the group leaked five gigs of data from the city of Lowell, Massachusetts, after a hack in April. As a result of that attack, all city computers had to be shut down, wiped and restored, according to NBC. At one city council meeting around the time, Miran Fernandez, chief information officer for Lowell's Management Information Systems, called the incident "the biggest reboot in the city's history.”
Prior to Lowell, the group hacked Oakland, California, in March of this year, writing on its blog at the time: “Private and personal confidential data, financial information, IDs, passports, employee full info, human rights violation information. For now, published compressed 10gb. If there no reaction full dump will be uploaded.”
The San Francisco Chronicle later downloaded the data and confirmed it contained social security numbers, driver's license numbers, birth dates and home addresses of city employees. The city employs about 5,000 people.
Dallas County Judge Clay Lewis Jenkins said in an emailed statement that the county knows about the hackers’ claim. “Dallas County is aware of an unauthorized party posting data claimed to be taken from our systems in connection with our recent cybersecurity incident,” Lewis Jenkins said. “We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact.”“We want to assure everyone that we are taking this matter seriously." – Dallas County Judge Clay Lewis Jenkins
tweet this
He said he understands that the incident may be concerning to residents, employees and partners. “We want to assure everyone that we are taking this matter seriously,” he said. “Our top priority is the security and privacy of all individuals associated with Dallas County."
Lewis Jenkins said the investigation into the incident is ongoing and the county is continuing to work with law enforcement and cybersecurity experts to address the situation.
Generally, during a ransomware attack, hackers will steal data and encrypt it, locking out the owners of the data. It becomes retrievable only if a ransom is paid. The county, however claims, it thwarted the attack, at least in part, and that its data wasn’t encrypted by the attackers. But that doesn’t mean the data is safe.
If you ask Boyd Clewis, vice president of the Baxter Clewis Training Academy, which trains people in cybersecurity, the hackers aren’t bluffing about releasing data. “In this game in the cyber space, reputation is everything,” Clewis told the Observer after the hack last month. “They would not play with their reputation with bluffing. … Sometimes they’ll be so bold to just release a sample just to show that they’re not playing.”
But, he said he wouldn’t suggest paying the ransom and that the county should work with local and federal law enforcement to retrieve its data.
“It’s people behind this. It’s not computers,” he said. “And what gets rewarded or incentivized gets repeated. So if Dallas County pays them, what’s going to stop them from asking for more money or doing this again?”
