Los Angeles Unified School District has until Monday to pay a ransom demanded by an international hacking ring it says is responsible for the cyberattack that shut down district computers.
Vice Society, a hacking syndicate, named the LAUSD as one of “our partners” and claimed that “the papers will be published by London time on October 4, 2022 at 12:00 a.m.” in a post on the dark web that was discovered and copied by Brett Callow of the cybersecurity firm Emsisoft.
Considering that London is eight hours ahead of LA, the cutoff time would be Monday afternoon.
The post did not reveal any details about the data collected or the articles that would be released.
Last week, LAUSD Superintendent Alberto Carvalho confirmed a ransom demand had been received from an unidentified hacking organization over the Labor Day weekend.
He told reporters, “We can acknowledge… that there has been communication from this actor (hacker), and we have been responsive without engaging in any form of talks.”
“At this time, it is safe to say that this entity has made a financial demand. No, we haven’t gotten back to them about that request.”
He was vague about the nature of the request.
On Friday, Carvalho told the Los Angeles Times that the school district will not give in to the hackers’ demands and will not pay the ransom.
What he did tell the Times, though, was that “the demand — any demand” would be ridiculous. “But such an outrageous demand was beneath contempt. We have no intention of negotiating with such a party.”
As of Friday afternoon, the district published a statement recognizing the threatened information dump and indicating it is “diligently working with investigators and law enforcement to ascertain what information was impacted and to whom it belongs.”
When LAUSD administrators learned of the attack, they took the unprecedented step of turning off most of the district’s computers while they investigated the breach. After that, the offline systems were gradually brought back online.
Carvalho had previously stated that the hackers looked to have set a series of digital “tripwires” that could have blocked further systems, so the district was being cautious about bringing computers back online.
Officials have stated that the cyber attack has had no effect on classroom instruction or other district activities. However, the second-largest school system in the United States has mandated that all students and staff change their district passwords.
The hack temporarily disrupted the LAUSD website and email system, district officials said earlier. Officials assured the public, however, that health benefits and payroll had not been compromised and that existing school safety and emergency procedures had not been compromised either.
A ransom demand was received weeks after the initial attack, although it was unclear whether this meant the hackers had gained access to additional critical material.
Officials do not think any extremely sensitive material was accessed, according to comments made by Carvalho last week.
In other words, “this entity did contact our MiSiS (My Integrated Student Information) system, which holds student information,” Carvalho added. As of right now, “we believe that some of the data that was accessed may include some students’ names, may have some degree of attendance data, but more than likely lacks personally identifiable information or particularly sensitive health information or Social Security number information.”
He assured them that there was no evidence that any confidential employee information had been accessed.
“Carvalho informed the press that this was the “new reality,” adding that it was “very sad.” We are, on the one hand, trying to figure out what went wrong that allowed the breach to happen, such as whether or not a user unwittingly fell for a phishing scam and gave the bad guys access, or whether or not a systemic failure on the part of a third-party entity connected to our system allowed the breach to occur in the first place.
Officials from the district released a statement on Friday, saying, “When new information becomes available, we will share it with our school community and partners, and if your personal information is at risk, we will let you know. We also plan to offer affected individuals credit monitoring services when necessary.
“District officials in Los Angeles are unwavering in their belief that educational spending should come first. Los Angeles Unified feels public resources are better spent on our children than capitulating to a malicious and illegitimate crime syndicate, and that paying a ransom never ensures the full recovery of data. Maintaining full functionality of various essential IT systems is an ongoing priority, and we are getting closer all the time.”
According to the LAUSD, once the district reported the attack to federal authorities, the White House coordinated a response involving the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and the United States Department of Education.