The LA County Superior Court and the Housing Authority of the City of Los Angeles (HACLA) ransomware attacks were two prominent cyberattacks in Los Angeles in 2024. As a center for finance, education, and transportation, Los Angeles is a prime target for cybercriminals looking to exploit high-value systems. The 2024 Ransomware Risk Report shows 2,321 ransomware incidents globally from January to June, and 51% of those incidents were against US entities. In Los Angeles, these attacks have disrupted operations, exposed data, caused financial and reputational damage, and put public and private services at risk.
The financial impact of ransomware is expected to reach $265 billion by 2031 according to the Cybercrime Magazine. A report published by Chris Inglis, the first US National Cyber Director, shows that 74% of victims get hit multiple times, and 78% of organizations (71% education, 80% finance, and 85% transportation) pay ransoms. For Los Angeles, this means disrupted schools, compromised financial institutions, and vulnerable business operations. This blog explores how these incidents happen and affect businesses and public entities, highlighting the demand for stronger cybersecurity services to stop these malicious actors from exploiting vulnerabilities for monetary gain.
LA County Superior Court
California, ranking among the top four states with the highest risk index for cyberattacks has seen a major data breach in it’s one of the government organization i.e. LA County Superior court. The Los Angeles County Superior Court, the largest trial court in the United States, shut down all its court hearings and related operations for 5 days following the ransomware attack of July 19, 2024. The entire computer network system was down from July 19 to 23.
Based on the statements issued by the court, the cyber attack infiltrated the court’s computer system, targeted the case management system, and encrypted critical record files. The court schedules, case records, and ongoing trial data files became inaccessible. The preliminary investigation revealed that exploiting zero-day vulnerabilities of the court’s digital infrastructure allowed the attackers to bypass the existing security protocols and access the court network system.
The attackers wanted the court to pay the ransom for the encryption key. LA County court refused the ransom and sought outside cyber experts to do a manual restore. Together with the Court Technology Services (CTS) team and other IT staff, they got the entire network back up and running in 11 days.
Court leaders credited their previous cybersecurity investments for detecting the attack quickly, limiting the damage. However, despite that claim, the breach exposed sensitive case data and litigant privacy. The attack showed vulnerabilities in critical systems and the need for continuous monitoring and proactive security to improve cybersecurity protocols.
The incident is a reminder that ransomware gangs are constantly probing digital systems to find vulnerabilities, continually targeting Los Angeles public services and institutions.
Los Angeles Housing Agency
In November 2024, the Housing Authority of the City of Los Angeles (HACLA), which manages 32,000 public housing units with an annual budget of over $1 billion, was hit by a Cactus ransomware attack. When the HACLA detected the breach, they contacted external forensic IT specialists to investigate the attack.
As a critical affordable housing provider and service to low-income families, seniors, and children in Los Angeles, the state-chartered public agency was severely impacted when hackers got into their IT network and stole 891 GB of data. The stolen files included personal identification information, database backups, financial documents, and corporate confidential data, including emails and employee information.
To add to their ransom demand, the attackers published screenshots of sensitive documents and uploaded archives of the stolen files as proof of the breach, using the double-extortion tactic.
HACLA was also a victim of the LockBit gang’s ransomware in 2022. The malicious threat actors were in HACLA’s network for almost a year before detection. The repeated attacks showed persistent vulnerabilities in their cybersecurity, outdated VPN devices, and susceptibility to phishing, making HACLA an attractive target.
The Cactus gang took advantage of the weaknesses, used advanced evasions, and exploited new vulnerabilities to execute the attack. This breach highlights the need for HACLA to have robust cybersecurity to protect its massive data and critical public services.
Los Angeles Unified School District
Los Angeles Unified School District (LAUSD), the second-largest school district in the US, was hit with a ransomware attack in late 2022. The attack by the Russian-speaking Vice Society ransomware gang occurred between July 31 and September 3, targeting the entire digital infrastructure of the district.
Two weeks after the breach, the hackers sent a ransom demand with a 3-day ultimatum. LAUSD refused to pay and said public funds would be better spent on students and education than on a nefarious crime syndicate.
However, this decision prompted the group to release 500GB of stolen data, including Social Security Numbers, W-9 tax forms, contracts, passports, and sensitive psychological assessments. The public release exposed confidential information of students, staff, and district business operations, making the breach even bigger.
The breach exhibited widespread vulnerabilities in educational institutions, as Vice Society had already hit at least eight other US school districts in 2022. LAUSD got immediate help from the White House, Department of Education, FBI, and CISA, who brought in significant resources to assess and contain the damage.
Local law enforcement worked with federal agencies to strengthen the district’s cybersecurity and prepare for future threats. LAUSD notified affected individuals to mitigate the fallout and offered free credit monitoring services to prevent identity theft. The attack is a harsh reminder that educational institutions must step up their cybersecurity as they are extensive data repositories for ransomware gangs to hit.
Conclusion
Ransomware attacks on courts, housing agencies, educational institutions, and businesses result in loss of money, time, data, and reputation. However the incident of data breach in California in 2024 is spreading beyond the Los Angeles area. To combat these growing threats in Los Angeles, you must partner with a trusted managed service provider like Captain IT for robust protection against cybercriminals. Captain IT provides managed IT services in Los Angeles county and neighboring counties as well. Captain IT’s IT services include 24/7 monitoring, real-time threat detection, data encryption, backups, and phishing training to keep operations safe. With advanced tools and expert support, Captain IT helps businesses and institutions stay resilient against cyber threats so that you can focus on your core objectives without the concern of crippling attacks.