LA housing authority is latest LockBit ransomware victim

The Housing Authority of the City of Los Angeles (HACLA), established in 1938 to provide affordable housing in Los Angeles, confirmed in a statement that it was a victim of a ransomware cyberattack. This is the second major attack against an agency in LA after the Los Angeles United School District (LAUSD) experienced a similar incident at the hands of Vice Society, a ransomware gang, in September last year. 

“The Housing Authority of the City of Los Angeles (HACLA) is experiencing a cyber event that resulted in disruption to our systems,” a spokesperson said. “We are working diligently with third-party specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality securely to our environment as soon as possible. We remain committed to providing quality work as we continue to resolve this issue.”

The notorious LockBit ransomware gang claimed responsibility for the attack against HACLA after they listed the agency on their leak site on New Year’s Eve. Based on screenshots taken from the dark web, HACLA’s page reveals that LockBit possesses more than 15TB of the agency’s files. It also has snapshots of these files and folders and the ransom payment deadline of January 12.

The ransom demand was not disclosed.

As of this writing, a red banner at the top of HACLA’s homepage says it’s still experiencing “technical difficulties.”

“During this time, you may experience issues related to the services that HACLA provides. Thank you for your patience while we work through these issues,” the banner said.

The timely attack on HACLA is an opportunistic one, as LockBit appeared to have taken advantage of the holiday season to make their move. As we’re well aware, cybercriminals favor attacking victims when they least expect it. And there’s no better time than the holidays and special events—even weekends—to attack, as, more often than not, there are fewer people paying attention, making the risk of detection lower.

The September attack on LAUSD occurred during the Labor Day weekend.


Read: How to stay secure from ransomware attacks during holidays and special events


Following the LAUSD attack, Los Angeles Police Department (LAPD) Chief Michel Moore was quoted saying that ransomware attacks are “the No.1 threat to our safety.” 

“This is a wake-up call, a reminder, because all of us are so dependent on our cyber universe, to check our systems, to recognize that personal, businesses, public and private sector, are constantly being probed and constantly under attack, and that is why it’s critical that you pay attention to your security system, that you pay attention to who your users are and that you’re constantly on vigilance,” Moore said.

In an interview with LAist, Nick Merrill, a research fellow at the UC Berkeley Center for Long-Term Cybersecurity, thinks that HACLA, like LAUSD, is not likely to pay the ransom.

“LockBit believes that this is going to be a low-cybersecurity resource organization,” Merril said, adding that the successful attack could further erode trust in government agencies.

“Now HACLA has lost credibility. Defense is more than people’s privacy issues. It’s about creating the effect of a predictable and reliable society with services we can depend on.”


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

https://blog.malwarebytes.com/feed/