Get in Touch
Housing agency attacked by ransomware resulted in leaked data of 200,000 residents
Housing association sector.
The Indianapolis Housing Agency (IHA) has declared that sensitive data was leaked pertaining to over 200,000 of their residents by the ransomware attack initiated in September 2022.
The US-based agency is responsible for providing housing to low-income tenants across the Indianapolis region. The incident was reported to the Maine Attorney General’s office, detailing that 212,910 people were affected. The agency submitted a breach notification letter, stating that the attack was detected on 4th October 2022, following the initial incursion on 23rd September 2022.
Security experts were recruited to investigate the incident, whereby the following types of resident data were reported to have been leaked:
- Dates of Birth
- Social Security Numbers.
This attack highlights the continued interest from ransomware groups against housing associations. As such, no organisation, irrespective of the geo-location, is exempt from potential ransomware attacks due to the sensitive data they retain.
Successful exploitation by a ransomware attack will enable threat actors to steal data and encrypt associated devices. Ransomware groups will commonly use the double-extortion technique of encrypting data coupled with a threat to leak the data on dark web forums.
It was reported that the ransomware attack impaired the agency’s capacity to deliver over 8,000 crucial rent payments to the landlords operating under Section 8 of the ‘Federal Housing Choice Voucher Program’. Furthermore, employees of the agency were required to send payment checks manually and were locked out of email systems for a number of days.
A comprehensive Endpoint Detection and Response (EDR) solution, such as Microsoft Defender, can provide additional protection against ransomware threats. EDRs can alert system users of potential breaches and prevent further progress before the malware can implement significant damage.
Due to the lack of detail provided within the relevant reports, products that have been targeted as a result of this attack are yet to be classified.
Containment, Mitigations & Remediations
As previously mentioned, the leading method of reducing the threat of ransomware is to detect it in the early stages through the use of an effective and monitored endpoint detection & response (EDR) solution. Such a solution will enhance the detection of malicious attempts of ransomware compromise and terminate them if detected.
Organisations can also perform routine back-ups of sensitive data that is required to operate business functions. An offline copy ought to be maintained in the event that the back-ups are impacted by the attack. Therefore, if a breach occurs and the business can no longer function, a back-up is ready to use, and the business can continue to operate with minimal disruption. However, this does not nullify the fact that customer and employee data may have also been compromised, and potentially released at will by the threat actor if ransom demands are not met.
Indicators of Compromise
Due to the lack of detail provided within the relevant reports, specific indicators of compromise associated with this specific ransomware attack are yet to be classified.
Housing associations have recently emerged as a prime target for ransomware groups due to the sensitive data that they retain.
Ransomware, and their affiliated gangs, are involved in a constant cycle of adaptation and notoriety. A relatively new variant of ransomware may emerge and within a short time frame, it can attain significant status as a high-profile threat.
The IHA has not released details about the motive or identity of the threat actor group responsible for this ransomware attack.
Due to the lack of detail regarding the identity of the responsible threat actor group, the related tactics, techniques, and procedures (TTPs) have not yet been categorised.