Cleveland FBI investigating CMHA ransomware attack

In-Depth: Cleveland FBI investigating CMHA computer ransomware attack
By: Joe Pagonakis
Posted at 10:38 PM, Feb 25, 2021 and last updated 12:10 PM, Feb 26, 2021
CLEVELAND — The Cleveland Division of the FBI is investigating a ransomware cyber attack on computer systems at the Cuyahoga Metropolitan Housing Authority that started back on Feb. 8.

FBI Special Agent Vicki Anderson told News 5 the attack is the work of the elusive DoppelPaymer ransomware organization that has victimized other northeast Ohio organizations, and businesses around the world.

“We have been in contact with CMHA, we are working with them," Anderson said. “It’s awful for them to hit anybody, and much less an organization like this.”

“This is a worldwide problem, so these individuals who are responsible for this could be sitting in right here in Northeast Ohio, or they could be sitting across the world," Anderson said. “They do their research, they find out who works at certain companies, they make an email that looks like it’s coming from someone inside the company."

CMHA told News 5 it has made significant progress in restoring computer systems for its 700 employees and computer access for some 55,000 residents, but said its web portal is still not fully operational.

CMHA confirmed DoppelPaymer has posted information about dozens of its employees on its website, but said the information does not appear to go beyond what is public record.


CMHA said, so far, it doesn't appear the personal information of residents has been compromised, but said its investigation continues.

“When a company has decided to pay that ransom or whatever they’re asking for, we can stop that money, if we get involved quick enough, but our advice is don’t pay that ransom," Anderson said.

CMHA issued the following statement in response to our story:

"As you may know, the Cuyahoga Metropolitan Housing Authority (CMHA) experienced technical difficulties resulting in disruption to certain computer systems. We now understand that this was a ransomware incident.

We continue to work diligently with third-party consultants to investigate the source of this disruption, confirm its impact on our systems, and restore full functionality to our systems as soon as possible.

Due to our incident response plan, we have been able to continue serving and supporting our clients without making any payment in response to the ransom demand. We appreciate your patience and understanding, and apologize for any inconvenience."


Q: What happened?

A: We recently began experiencing technical difficulties, resulting in disruption to certain computer systems. We now understand that this was a ransomware incident. We are working diligently with third-party consultants to investigate the source of this disruption, confirm its impact on our systems and to restore full functionality as quickly as possible.

Q: Was any of my information affected?

A: Our investigation into this incident is ongoing. CMHA wants to assure you that the privacy and security of information remains one of our top priorities. To date, we are unaware of any personally identifiable information that was impacted. If we learn that your information was, indeed, impacted, we will let you know and provide resources to protect yourself, which may include complimentary credit monitoring. We will continue providing additional information as it becomes available.

Q: When will you know more information?

A: We will provide additional information as our investigation progresses.

Q: When will you be fully operational?

A: We are working diligently to restore our network to full functionality. We do not currently have a timeframe as to when this will be complete.

Sue McConnell, Cleveland's Better Business Bureau President, told News 5 employee education is crucial in preventing a ransomware attack.

She said it's important “to never click on links that are not known authorized email links, and never download attachments, unless you’re absolutely certain they’re safe."


“When backing up data, if you’re using an external hard drive to back it up, you want to make sure you’re removing it from the network when you’re doing the back-up," McConnell said.