Los Angeles held ransom: city crippled by cyberattack


The city of Los Angeles, in the USA, has been affected by a cyberattack that has paralyzed part of its services.

The attack was carried out by the WorldLeaks group, which compromised internal systems of the city and of the transportation agency responsible for its metro.

The incident was detected last Friday, March 20, when the attackers listed the city on their dark web leak page, indicating they had stolen 159.9 GB of information, organized into 779 files.

Unlike traditional ransomware attacks, which block access to systems through encryption, WorldLeaks focuses its strategy on data exfiltration, using the threat of public disclosure as a method of extortion.

This allows the group to exert pressure on affected organizations without needing to completely disable their systems, a tactic that has been gaining popularity among cybercriminals targeting public entities and large corporations.

As a result of the attack, access to certain internal platforms of the Los Angeles metro was temporarily restricted. This particularly affected the train arrival monitors at stations, as well as the online reloading of TAP cards, forcing many users to rely on physical methods for payments and inquiries.

Despite these disruptions, the transportation service continued to operate, and according to the city council, no personal data of passengers or employees has been compromised. Authorities continue to review the systems and work to restore full access to all affected platforms.

WorldLeaks was established last year as an evolution of the group Hunters International. After pressure from authorities and organizational changes, it decided to focus exclusively on stealing data and threatening its publication, leaving aside traditional file encryption.

Their targets are usually organizations that handle sensitive information and have the capacity to pay ransoms, such as local governments, transportation systems, and large companies. This type of attack reflects a growing trend: ransomware actors now seek victims who, due to their technological dependence and the sensitivity of their data, may be forced to give in to extortion.

Another attack

The Los Angeles incident adds to other recent ones in California, such as in Foster City, where ransomware attacks have led to states of emergency being declared. In that case, the attack has been attributed to the LockBit 3.0 group, known for operating ransomware-as-a-service, which does encrypt its victims' systems to demand ransoms.

This last attack temporarily paralyzed payment platforms, administrative procedures, and internal communications, although critical services, such as police emergencies and 911, remained operational.




