Hackers Leak LAUSD Data After Refusal to Pay Ransomware

Hackers leaked stolen data from the Los Angeles Unified School District (LAUSD) Saturday, a day after the superintendent said he would not negotiate with or pay a ransom.

The release of data came two days earlier than the deadline set by the hackers, known as “Vice Society.” The group originally targeted the district over Labor Day weekend and claims to have stolen 500 gigabytes of data.

Since the attack, LAUSD has been working closely with local law enforcement, the FBI, and the federal Cybersecurity and Infrastructure Security Agency (CISA).

The district released a statement Friday confirming the data leak and the decision not to pay the ransom.

“Unfortunately, as expected, data was recently released by a criminal organization. In partnership with law enforcement, our experts are analyzing the full extent of this data release,” reads the statement. “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”

The statement echoes sentiments from the FBI, which maintains organizations should not pay a ransom because it doesn’t guarantee they’ll get data back and it encourages more ransomware activities.

Superintendent Alberto Carvalho told the Los Angeles Times Friday that he did not believe confidential information of district employees had been stolen but that he was “less certain” about students’ information, such as names, grades, schedules, and disciplinary records.

According to the Times, some of the documents in the release appear to include W-9 forms and Social Security numbers. Carvalho said the internal systems most affected were in the facilities division, and that workarounds had to be created so contractors could continue to receive payment and repairs and construction could continue on schedule.

As part of its response, the district established a cybersecurity task force and the school board granted Carvalho emergency powers to make any related decisions he deems necessary. The district has also set up an incident response line to provide assistance to anyone harmed by the data release. Anyone who may have been impacted can call (855) 926-1129. Hours of operation are Monday through Friday, excluding major holidays, from 6 a.m. to 3:30 p.m.

Immediately following the cyberattack, CISA warned of an increase in ransomware attacks against schools. This school year alone, Vice Society has attacked at least nine school districts and colleges or universities. In total, hackers have attacked at least 27 school districts and 28 colleges. Brett Callow, a threat analyst for the digital security firm Emsisoft, said at least 36 of those organizations had data stolen and released online. At least two districts and one college paid the attackers.

Last year, 1,043 schools were targeted in ransomware attacks, according to a 2022 report from Emsisoft.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content

UPDATE: Ransomware Group Leaks Change Healthcare Data

HHS Urges Quick ID and Implementation of Solutions to Change Healthcare Ransomware Debacle

Hackers Post Gory Videos on UC Irvine Discord Groups

Cybersecurity Researcher Finds School Shooting Emergency Plans Exposed Online