Ransomware Attack Hits Los Angeles Housing Authority
Incident Date:
October 31, 2024
Overview
Title
Ransomware Attack Hits Los Angeles Housing Authority
Victim
The Housing Authority of the City of Los Angeles (HACLA)
Attacker
Cactus
Location
First Reported
October 31, 2024
Ransomware Attack on The Housing Authority of the City of Los Angeles (HACLA) by Cactus Group
The Housing Authority of the City of Los Angeles (HACLA) has become the latest victim of a ransomware attack executed by the Cactus ransomware group. This incident adds to the increasing number of cyberattacks targeting diverse sectors. Established in 1938, HACLA is a key governmental agency focused on providing affordable housing and services to low-income residents in Los Angeles, managing over 32,000 housing units with an annual budget surpassing $1 billion.
Company Profile
HACLA plays a crucial role in addressing housing needs in Los Angeles, offering initiatives like the Section 8 Housing Choice Voucher Program and public housing developments. The agency is dedicated to community engagement, workforce development, and utilizing technology to improve service delivery and operational efficiency.
Attack Overview
The Cactus ransomware group, notorious for its double-extortion tactics, claims to have extracted 861 GB of sensitive data from HACLA's network. This data includes personally identifiable information, financial documents, and confidential corporate data. The attack significantly threatens HACLA's operations and the privacy of its stakeholders, potentially affecting the vulnerable populations the agency serves.
Ransomware Group Details
The Cactus ransomware group is a significant entity in the ransomware domain, known for its sophisticated tactics and quick adaptation to target commercial entities. The group is distinguished by its double-extortion strategy, advanced evasion techniques, and swift response to newly discovered vulnerabilities.
Company Vulnerabilities
HACLA's susceptibility to ransomware attacks may be attributed to potential weaknesses in its cybersecurity defenses, such as outdated VPN devices and vulnerability to phishing attacks. The agency's large scale and extensive data holdings make it an appealing target for threat actors aiming to exploit vulnerabilities and demand ransom payments.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.