Hacker gang sends ransom demand to LA school district

Illustration of two smartphones sitting on a yellow background with a red stripe on them that reads
Photo by Amelia Holowaty Krales/MovieBeat

Hackers who hit the Los Angeles Unified School District (LAUSD) with ransomware over Labor Day weekend have now issued a ransom payment demand, according to the district superintendent.

On Tuesday, Superintendent Alberto Carvalho told the Los Angeles Times that a request had been made but the district had not responded. Carvalho refused to reveal the amount of money requested.

The extortion attempt represents an inevitable escalation of the ransomware attack – which targeted the nation’s second-largest school district just as students were beginning to return after summer vacation – and raises questions about sensitive information that hackers could have obtained.

Although the attack disrupted some of the school’s email systems and other applications, other critical systems such as the MiSiS student management system were recovered and brought back online soon after. But at a press conference on Wednesday, Carvalho said hackers likely accessed MiSiS data, including some student information.

“We believe that some of the data accessed may contain the names of certain students, may contain some degree of attendance data, but is more than likely missing personally identifiable information or very sensitive health information or information about social security number,” Carvalho told local reporters. , Quoted by Deadline.

Although the ransomware attack has not been officially attributed, there are many signs that it was carried out by a cybergang known as the Vice Society. Shortly after the LAUSD attack was revealed, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about Vice Society ransomware that specifically targeted K-12 institutions in the United States, although the Los Angeles School District Angeles was not named as a target. Following CISA’s cybersecurity advisory, Vice Society took credit for the attack in communications with journalists.

Details released by CISA describe Vice Society as an “intrusion, exfiltration and extortion hacking group” that used dual extortion tactics: locking down systems and threatening to publicly release data unless a ransom is paid. The group was becoming more active in sync with the start of the school year, CISA said, when the potential impact of ransomware attacks on schools was greatest.

Although the recent attack is the only time the Los Angeles school system has been successfully targeted, it has encountered a near miss at least once in the past. Following the Labor Day attack, cybersecurity researchers at Hold Security revealed that they had previously detected a school district-related device in a malicious botnet, but disclosed the results in time to prevent further reports. attacks.

Leave a Comment