September 29, 2023

A ransomware gang has began posting delicate private data related to a devastating assault on the Raleigh Housing Authority (RHA) that disrupted the group for weeks in Could.

On Thursday, cybersecurity knowledgeable Dominc Alvieri mentioned the Black Basta ransomware gang started posting the social safety playing cards of individuals related to RHA, a authorities group based in 1938 that now manages greater than 1,400 public housing models. The assault crashed the group’s complete system and stopped its skill to operate for a number of days — seven cybersecurity officers from the Nationwide Guard have been despatched to assist the group get well with extra help from the FBI.

A spokesperson for RHA didn’t reply to requests for remark this week, however in Could they despatched a press release to Recorded Future Information describing the incident.

“At 7:30 a.m. [on May 4] members of our staff discovered we have been locked out of our pc system by a risk actor making a cyberattack,” RHA CEO Ashley Lommers-Johnson mentioned. “We instantly notified state and federal authorities, met with Emergency Administration, and presently have the Nationwide Guard cyber safety staff on-site investigating.”

The group – which serves about 6,000 residents of Raleigh – mentioned its constituents and workers may proceed speaking with them by means of a telephone line.

The assault happened at a very inopportune time for Lommers-Johnson, who began in his place simply two weeks earlier than the assault happened.

“We’re taking all acceptable actions to determine the risk actors, decide which techniques have been penetrated and return to common enterprise operations,” Lommers-Johnson added.

The assault shut down the group’s on-line cost system and stopped employees members from processing housing functions. The FBI finally bought concerned within the response to the incident and it took weeks for the group to renew operations.

However this week, Black Basta added troves of delicate data stolen from the group, together with authorities IDs, monetary paperwork and extra.

Housing authorities throughout the U.S. have been a ripe goal for ransomware gangs during the last yr. The Housing Authority of the Metropolis of Los Angeles (HACLA) was attacked by the LockBit ransomware group in January.

LockBit has focused housing authorities up to now. The gang claimed it attacked the Chattanooga Housing Authority in November, however the assault was by no means confirmed by metropolis officers, and the Indianapolis Housing Company handled its personal ransomware assault in October.

The assault in Indianapolis leaked the data of greater than 200,000 folks, together with Social Safety numbers and extra. The Cuyahoga Metropolitan Housing Authority in Cleveland, Ohio additionally had knowledge stolen throughout a ransomware assault in 2021.

The ransomware assaults are half of a bigger development of gangs concentrating on poorly resourced native authorities companies throughout the US.

The Black Basta has been one of the crucial high-profile ransomware gangs presently working, taking credit score for brazen assaults on the American Dental Affiliation, German wind farm operator Deutsche Windtechnik, British outsourcing firm Capita, Swiss tech big ABB and German arms firm Rheinmetall.

Cybersecurity researchers tied the long-running cybercrime cartel FIN7 to the Black Basta ransomware operation in a report printed late final yr.

Get extra insights with the

Recorded Future

Intelligence Cloud.

Study extra.

Jonathan Greig

Jonathan Greig is a Breaking Information Reporter at Recorded Future Information. Jonathan has labored throughout the globe as a journalist since 2014. Earlier than shifting again to New York Metropolis, he labored for information shops in South Africa, Jordan and Cambodia. He beforehand lined cybersecurity at ZDNet and TechRepublic.