Ransomware gang threatens Raleigh Housing Authority months after devastating attack

A ransomware gang has started posting sensitive personal information connected to a devastating attack on the Raleigh Housing Authority (RHA) that disrupted the organization for weeks in May.

On Thursday, cybersecurity expert Dominc Alvieri said the Black Basta ransomware gang began posting the social security cards of people connected to RHA, a government organization founded in 1938 that now manages more than 1,400 public housing units. The attack crashed the organization’s entire system and stopped its ability to function for several days — seven cybersecurity officials from the National Guard were sent to help the organization recover with additional assistance from the FBI.

A spokesperson for RHA did not respond to requests for comment this week, but in May they sent a statement to Recorded Future News describing the incident.

“At 7:30 a.m. [on May 4] members of our team learned we were locked out of our computer system by a threat actor making a cyberattack,” RHA CEO Ashley Lommers-Johnson said. “We immediately notified state and federal authorities, met with Emergency Management, and currently have the National Guard cyber security team on-site investigating.”

The organization – which serves about 6,000 residents of Raleigh – said its constituents and employees could continue communicating with them through a phone line.

The attack took place at a particularly inopportune time for Lommers-Johnson, who started in his position just two weeks before the attack took place.

“We are taking all appropriate actions to identify the threat actors, determine which systems were penetrated and return to regular business operations,” Lommers-Johnson added.

The attack shut down the organization’s online payment system and stopped staff members from processing housing applications. The FBI eventually got involved in the response to the incident and it took weeks for the organization to resume operations.

But this week, Black Basta added troves of sensitive information stolen from the organization, including government IDs, financial documents and more.

Keep it moving, nothing to see here except passports and social security #’s@TheJusticeDept https://t.co/B0llu8c0MB pic.twitter.com/X7Rrtv8x3f

— Dominic Alvieri (@AlvieriD) August 17, 2023

Housing authorities across the U.S. have been a ripe target for ransomware gangs over the last year. The Housing Authority of the City of Los Angeles (HACLA) was attacked by the LockBit ransomware group in January.

LockBit has targeted housing authorities in the past. The gang claimed it attacked the Chattanooga Housing Authority in November, but the attack was never confirmed by city officials, and the Indianapolis Housing Agency dealt with its own ransomware attack in October.

The attack in Indianapolis leaked the information of more than 200,000 people, including Social Security numbers and more. The Cuyahoga Metropolitan Housing Authority in Cleveland, Ohio also had data stolen during a ransomware attack in 2021.

The ransomware attacks are part of a larger trend of gangs targeting poorly resourced local government agencies across the United States.

The Black Basta has been one of the most high-profile ransomware gangs currently operating, taking credit for brazen attacks on the American Dental Association, German wind farm operator Deutsche Windtechnik, British outsourcing company Capita, Swiss tech giant ABB and German arms company Rheinmetall.

Cybersecurity researchers tied the long-running cybercrime cartel FIN7 to the Black Basta ransomware operation in a report published late last year.