A US regional housing authority said it is responding to a ransomware incident linked to the Qilin criminal group that affected some of its systems and disrupted access to services. The Augusta Housing Authority in Georgia reported the incident after it detected unauthorised encryption of data on servers used for administrative and tenant management functions.
Officials said the attack occurred in early February 2026 and that investigators identified malware associated with Qilin, a ransomware-as-a-service operation that has been linked to other high-profile digital extortion campaigns. The authority said the offensive code encrypted files and interfered with its ability to run certain internal systems.
Augusta Housing Authority personnel took affected systems offline to contain the incident and engaged cybersecurity specialists to assist with recovery. Some tenant online services, including portals for rent payments and maintenance requests, were temporarily unavailable while IT teams worked to restore functionality and to remove malicious software. The organisation said it also notified relevant law enforcement agencies.
Qilin ransomware has appeared in public reporting on several attacks against government, education and private sector networks in recent months. Ransomware-as-a-service models involve criminal groups providing malware and infrastructure to affiliates who carry out the intrusions and deploy encryption. Victims are typically urged to pay cryptocurrency ransoms in exchange for decryption tools, although the Augusta Housing Authority did not disclose any ransom demands.
Officials said they are assessing the scope of the incident and the potential impact on data handled by the authority, which manages public housing programmes, including applicant records and tenant information. At this stage, authorities did not comment on whether personal information was exfiltrated or impacted, and there was no indication that sensitive data had been made public.
The housing authority said it is working to restore full service and improve network defences to guard against future attacks. Outsourced IT partners and external responders are helping to rebuild affected systems and implement additional safeguards.
Cybersecurity experts said Qilin and similar groups are increasingly active in targeting local government and public service organisations, where limited security resources can make defences more vulnerable. They recommend regular backups, patching, and incident response planning to limit operational impact when ransomware strikes.
The Federal Bureau of Investigation and other law enforcement units encourage organisations affected by ransomware to report incidents and to coordinate with authorities in recovery and investigation efforts. The Augusta Housing Authority said it would provide updates to tenants and stakeholders as work to restore services continues.