LA school hackers release data after district denies payment
Written by Benjamin Freed
The Vice Society ransomware gang on Saturday released data stolen from the Los Angeles Unified School District in an attack last month. The leak came a day after Superintendent Alberto Carvalho publicly said the district, the second-largest K-12 system in the country, would not pay a ransom.
The trove of data posted on a Vice Society leak site exceeds 500 gigabytes and appears to include large volumes of documents containing employees’ social security numbers, tax forms, financial records and other sensitive information. Screenshots reviewed by StateScoop include a W-9 tax form, a motor oil purchase order and a file directory containing images of a district employee’s passport. (W-9 forms are IRS documents that must be completed by independent contractors and include fields for Social Security numbers.)
Vice Society claimed responsibility for the incident shortly after the group was the target of a federal warning about the group’s predilection for targeting the education sector. So far this year, there have been 56 ransomware incidents affecting K-12 and post-secondary entities in the United States. Vice Society also accounts for 17% of ransomware attacks against education sector around the world this year, according to Allan Liska, analyst at Recorded Future.
Carvalho had last month acknowledged the possibility that Vice Society would end a threat to release the data stolen from Los Angeles USD. The malware team had also said it would give the district until midnight Tuesday London time to pay its ransom, the value of which has not been made public.
“Paying a ransom never guarantees full data recovery, and Los Angeles Unified believes that public money is better spent on our students than capitulating to a nefarious and illicit crime syndicate,” read a press release from the district last Friday.
It seems that Vice Society then dropped its deadline.
In a statement posted to Twitter on Sunday evening, Carvalho said the release of school data was under review.
“Unfortunately, as expected, data has recently been released by a criminal organization,” he wrote. “In partnership with law enforcement, our experts are analyzing the full scope of this data release.”
The district also set up a hotline for employees, students and their families to answer questions about the incident. The Los Angeles Unified School District has approximately 665,000 students and employs more than 25,000 teachers and more than 50,000 other administrators and support staff.
LAUSD’s response to the incident also included the establishment of an IT task force – days after the incident was detected on September 5 – to analyze the district’s cybersecurity posture and report back within 90 days. Carvalho also used a September 13 board meeting to secure emergency spending powers for a year, allowing the district to issue untendered contracts that may not be subject to the rules. financial disclosure routines.