L.A. Housing Authority is target of suspected ransomware attack
Hackers deploying malware published screenshots of data they say they seized.
The Housing Authority of the City of Los Angeles was assessing damage Tuesday from an attack by hackers who are threatening to publish a vast store of the agency’s data they claim to have seized.
The breach surfaced on Saturday, when individuals who deploy the malware known as LockBit published screenshots representing what they claimed were 15 terabytes of Housing Authority data they had seized.
City Housing Authority officials did not provide updates Tuesday afternoon to their Monday-night statement that referred to a “cyber event.”
“We are working diligently with third-party specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality securely to our environment as soon as possible,” the statement said. “We remain committed to providing quality work as we continue to resolve this issue.”
Housing Authority media and marketing specialist Courtney Gladney told City News Service that the agency had reported the attack to federal law enforcement, but declined to say whether a ransom had been demanded.
A Times review of publicly available information on LockBit’s site on the dark web found what appeared to be a city Housing Authority bank statement and a list of folders.
The group said on the website that information would be released on Jan. 12 if a ransom were not paid.
LockBit’s site claimed that the group had obtained over 15 terabytes of files. The folder names suggest a broad range of data, from the sensitive to the mundane, including payroll, audits, taxes and a 2021 holiday video.
The size of the data set and structure of the folders suggest that the attack targeted a shared file storage system, as opposed to a single machine.
LockBit was described as “one of the most active and destructive ransomware variants in the world” in a criminal complaint filed by the Justice Department against an alleged participant.
The complaint claimed that members of LockBit had made over $100 million in ransom demands since January 2020, extracting “tens of millions” from victims.
A similar attack last fall against Los Angeles Unified School District by the hacker group Vice Society resulted in the release of thousands of files when the district refused to pay. The attack cut staff and students off from email and knocked out systems used by teachers to post lessons and take attendance.
L.A. Unified does not collect students’ Social Security numbers, and officials said no employee database that stored payroll, banking, Social Security or medical information was accessed. However, some contractors working in the facilities division were not as fortunate.
“By shutting down all the systems, we were able to stop the propagation of this event ... restricting its potential damage,” Supt. Alberto Carvalho said. “That was the right call at the right moment.”
In recent times, hackers have targeted businesses and public agencies, including schools, seeking ransom or simply to cause chaos.
Another local attack targeted the Newhall school system in 2020.
The city Housing Authority, one of the nation’s largest, helps provide affordable housing to over 83,000 households through public housing and Section 8 rental assistance programs, and offers permanent supportive housing programs for homeless Angelenos.