Chris Swagler | March 18th, 2023

The Housing Authority of the City of Los Angeles (HACLA) issued a “data security event” warning after the LockBit ransomware group targeted the organization leaking data stolen from the cyberattack. HACLA, a state-chartered organization, serves low-income individuals and families with affordable housing in Los Angeles, California. Additionally. the government agency, which has a $1 billion annual budget, provides employment training and education to qualifying families to assist them in attaining self-sufficiency and enhancing their quality of life. According to the data breach report, HACLA detected encrypted computer systems on its network on December 31, 2022, which forced the agency’s IT team to shut down all servers and initiate an investigation. On February 13, 2022, the HACLA completed their investigation regarding the incident and revealed that threat operators gained unauthorized access to systems between January 15, 2022, and December 31, 2022. Based on the server logs examined, the threat operators may have obtained the following information belonging to HACLA members:

HACLA informed the impacted individuals by mail containing instructions on how to monitor their accounts, place fraud alerts, and report identity theft incidents to authorities.

The LockBit 3.0 ransomware group, one of the most active and known RaaS (ransomware-as-a-a-service) operations, claimed responsibility for the HACLA attack. On December 31, 2022, a sample of the files was released by the threat actors claiming to have stolen it from HACLA’s network and threatening to disclose all files on January 27, 2023. Meaning that ransom payment discussions failed, and the government agency refused to accept the cybercriminals’ demands. Unfortunately, roughly 1.5 months after the data was published, the download link on LockBit’s extortion website no longer works, mitigating the impact. Additionally, the leaked data has been redistributed on known threat operator forums.

With ransomware groups looking to target high-profile organizations, especially those with high annual budgets to provide individuals and families with necessities, it’s important for companies to remain alert to the current threat landscape. At SpearTip, our certified engineers continuously monitor companies’ data networks for potential ransomware threats at our 24/7/365 Security Operations Center. Our pre-breach advisory services allow our team to examine organizations’ security posture and improve the weak points in their network systems. Additionally, we engage with their people, processes, and technology to measure the technical environment’s maturity. With every vulnerability uncovered, our experts provide organizations with a technical roadmap ensuring they have the awareness and support to optimize their overall cybersecurity posture. Our ShadowSpear Platform, an integrable managed detection and response tool, utilizes comprehensive insights through unparalleled data normalization to detect sophisticated unknown and advanced ransomware threats.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.