Hackers release data after LAUSD refuses to pay ransom

L.A. Schools Supt. Alberto Carvalho in the hallway of Aragon Ave. Elementary School in September after reporting a ransomware attack on the school district. Hackers released district data on Saturday.
Hackers released data from the Los Angeles school district on Saturday, a day after Supt. Alberto Carvalho said he would not negotiate with the criminal syndicate or pay it a ransom.
Some screenshots of the hack were reviewed by The Times and appear to show some Social Security numbers. However, the full extent of the release remains unclear.
The release of the data came two days before the deadline set by the syndicate, which calls itself the Vice Society, and apparently came in response to Carvalho's final answer on whether the district would pay the hackers to prevent the release of private information and to get decryption keys to unlock some district computer systems.
"What I can tell you is that the demand - any demand - would be absurd," Carvalho told The Times on Friday. "But that request was, frankly, insulting. And we will not enter into negotiations with this type of company."
In a statement released later that day, he added, "Paying a ransom never guarantees full recovery of data, and Los Angeles Unified believes public money is better spent on our students than it was before a nefarious and... to surrender to an illegal crime syndicate."
The extent of the data theft is now being evaluated by federal and local authorities.
Carvalho said Friday that he believes confidential employee information was not stolen. He was less certain about student information, which might include names, grades, class schedules, disciplinary records, and disability status.
Regardless, he said the district will assist anyone who may be harmed by the release of data, including by establishing an "incident response" hotline at (855) 926-1129. Hours of operation are 6:00 a.m. to 3:30 p.m. Monday through Friday, excluding major US holidays.
Since the attack, which was discovered on Sept. 3, the nation's second-largest school district has worked closely with local law enforcement, the FBI and the federal Cybersecurity and Infrastructure Security Agency (CISA).
CISA released an alert to educational institutions about Vice Society immediately after the LAUSD attack, without directly confirming that the syndicate was responsible.
The syndicate's original Monday deadline was published on Vice Society's dark web site. The group had informally confirmed to at least three reporters that it was responsible for the hack.
On Friday, Carvalho denied any media reports identifying Vice Society. He continued his previous practice of not disclosing the amount demanded.
The claim of responsibility became official with a posting on the dark web. A screenshot shows the Vice Society logo and its slogan "Ransomware with Love". The site lists as "affiliates" the entities it allegedly victimized. This now includes the L.A. Unified School District, which is listed along with the district logo.
"The papers will be released by 00:00 London time on 4 October 2022," the website reads. That deadline would be eight hours earlier in Los Angeles if adjusted for the time change. A countdown clock ticked down the time.
Hackers have targeted at least 27 U.S. school districts and 28 colleges this year, according to cybersecurity expert Brett Callow, a threat analyst for digital security firm Emsisoft. At least 36 of those organizations had data stolen and published online, and at least two counties and one college paid off the attackers, Callow said.
Callow was among the cybersecurity bloggers and experts who confirmed Sunday morning that the data had been released.
According to Callow's tally, the Vice Society alone has hit at least nine school districts and colleges or universities so far this year.
When the attack was discovered, district technicians quickly shut down all computer operations to limit the damage, and officials were able to open the campus on Tuesday after the holiday weekend as scheduled. The shutdown and hack combined to create a highly disruptive week as more than 600,000 users had to reset passwords and systems were progressively scanned for breaches and restored.
During this reboot, technicians found so-called tripwires left behind that could have led to further structural damage or further data theft. Recovery of the district systems is underway, but there was another element of the attack: exfiltration of data.
The hackers claimed to have stolen 500GB of data.
The district has also established a cybersecurity task force, and the school board has granted emergency powers to Carvalho to take any related steps he deems necessary.
The most damaged internal systems were in the facilities department. Carvalho said it was necessary to create workarounds so contractors could keep getting paid and repairs and construction could go ahead as planned.
This story originally appeared in the Los Angeles Times.
