Nearly one month after the Los Angeles Unified School District (LAUSD) announced it had discovered a ransomware incident, the threat actor(s) behind the attack have released the stolen data on the Dark Web, according to the Los Angeles Times.
The data was released two days prior to the original ransom deadline set by the hackers, who refer to themselves as "Vice Society," but it appears Superintendent Alberto Carvalho made it clear to the group a ransom would not be paid by the school district.
Carvalho recently spoke to the Times and said this:
"What I can tell you is that the demand—any demand—would be absurd. But this level of demand was, quite frankly, insulting. And we're not about to enter into negotiations with that type of entity."
The released data included some Social Security numbers, but the full extent of the data is still unknown.
Carvalho likely made the right decision by not negotiating with these cybercriminals. Often, paying ransoms does not guarantee that you can fully recover your data, or that the threat actors will delete the data after they are paid.
On top of that, the LAUSD is the second largest school district in the United States, and just like any other school district, funding is limited. Carvalho said he believes "public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate."
The Superintendent continued to say that the confidential information of employees was not stolen, though he was not so sure when it came to student information. Student data that could have been stolen includes names, grades, course schedules, disciplinary records, and disability status.
Other information that may have been included in the released data are things like W-9 forms or other forms with confidential information from the facilities services division.
The data in question is now being evaluated by federal and local authorities, including the FBI, CISA, and the school district itself. LAUSD says it will provide assistance to anyone who may have been harmed by the data release and has set up an "incident response" line at 855-926-1129.
CISA previously warned of the Vice Society ransomware group targeting educational institutions after the original attack on LAUSD. The agency describes the cyber gang like this:
"Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021. Vice Society actors do not use a ransomware variant of unique origin. Instead, the actors have deployed versions of Hello Kitty/Five Hands and Zeppelin ransomware, but may deploy other variants in the future."
For more information on Vice Society, indicators of compromise, and mitigations, see the post from CISA, #StopRansomware: Vice Society.
Follow SecureWorld News for more stories related to cybersecurity.
