Cactus Ransomware Targets Los Angeles Housing Authority

HACLA: Services at Risk

The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing agencies in the United States, has confirmed a cyberattack compromising its IT network. This comes after claims by the Cactus ransomware group, which has taken responsibility for the attack.

HACLA provides affordable housing and assistance programs to low-income families, children, and seniors in Los Angeles. The agency oversees over 32,000 housing units annually, with a budget exceeding $1 billion. Following the attack, HACLA assured the public that its systems remain operational and that it has engaged external specialists to investigate and mitigate the incident.

“Our systems remain functional, and we are receiving expert guidance to ensure the continuity of essential services for vulnerable individuals in Los Angeles,” stated an HACLA spokesperson.

Cactus ransomware ataca a la Autoridad de Vivienda de Los Ángeles
Data Theft: Sensitive Information Compromised

Cactus ransomware claims to have stolen 891 GB of data from HACLA. According to the cybercriminal group, the stolen information includes:

  • Personally identifiable information (PII)
  • Database backups
  • Financial documents
  • Personal details of executives and employees
  • Confidential client data
  • Corporate communications

To substantiate their claims, Cactus posted screenshots of sensitive documents on their leak site and uploaded a file allegedly containing portions of the stolen data.

Cactus: Persistent Threats in the Corporate Environment

Since emerging in March 2023, Cactus ransomware has carried out over 260 attacks globally using double extortion techniques. The group gains access to corporate networks by purchasing stolen credentials, launching phishing campaigns, or exploiting vulnerabilities in internet-exposed systems.

This is not the first time HACLA has been targeted by ransomware. In 2022, the LockBit ransomware group accessed HACLA’s systems for nearly a year before encrypting devices and publishing stolen data in 2023.

Implications for Government Agencies and Enterprises

This incident underscores the pressing need for robust security practices and incident response protocols in government agencies and high-impact social organizations like HACLA. The reliance of such organizations on critical technological systems makes them attractive targets for ransomware groups like Cactus, which seek sensitive data to extort and pressure victims.

HACLA has yet to confirm whether personal information of its program beneficiaries was exposed in the attack or disclose the exact detection date. However, the risk of confidential data falling into the hands of cybercriminals highlights the necessity for strong cybersecurity strategies and incident response plans to protect and ensure the resilience of sensitive organizational data.

Indicators of Compromise

 

Related Posts
Devel Group
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.