Hacking Group Releases Data From LA School District After Superintendent Refuses to Pay Ransom
02:16 GMT 03.10.2022 (Updated: 09:03 GMT 10.02.2023)
CC BY-SA 4.0 / Marwanid branch of the Umayyads in 692. In spite of the highly decentralized governance of their land, the Yemenis seldom rebelled against the Umayyads. / HackerHacker
CC BY-SA 4.0 / Marwanid branch of the Umayyads in 692. In spite of the highly decentralized governance of their land, the Yemenis seldom rebelled against the Umayyads. / Hacker
Subscribe
Attacking educational institutions has been growing in popularity among hackers recently. At least 27 school districts and 28 colleges have been targeted by hackers in 2022. At least 36 have had their data leaked online and at least three have paid their attackers’ ransoms.
Hackers released data from the Los Angeles school district on Sunday, after superintendent Albert Carvalho said he would not negotiate with the criminal syndicate who has claimed responsibility for the hack or pay the ransom it demanded.
The release comes two days ahead of the deadline the hacking syndicate, which calls itself Vice Society, gave to the school but after Carvalho gave a firm commitment to not paying the ransom.
“Paying ransom never guarantees the full recovery of data, and Los Angeles Unified [School District] believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate,” Carvalho said in a statement released on Friday.
It is unknown what exactly is included in the theft, but a screenshot observed by the Los Angeles Times included social security numbers. Carvalho said that he does not believe the school staff’s personal information was leaked but said he is unsure about the personal data of students. Cybersecurity bloggers have confirmed that the data has been posted online.
In addition to the data leak, the school district is also dealing with a ransomware attack that has shut down several computer systems. Carvalho said the school district had to create workarounds so that outside contractors could be paid.
The hack was discovered on September 3 and since then, district technicians have been doing what they can to limit the damage. More than 600,000 users had to reset their passwords and systems had to be scanned for breaches and then restored.
Carvalho has so far refused to say how much Vice Society is demanding, only indicating that it was very high.
“What I can tell you is that the demand — any demand — would be absurd,” Carvalho was quoted by the Times as saying on Friday. “But this level of demand was, quite frankly, insulting. And we’re not about to enter into negotiations with that type of entity.”
Vice Society says the group has around 500 gigabytes of data from the schools.
The school district has set up a cybersecurity task force and said it will assist anyone who is harmed by the release of data. The school board has also bestowed Carvalho with emergency powers to deal with the hack.
The school district is working with the FBI, local law enforcement, and the federal Cybersecurity and Infrastructure Security Agency in dealing with the hack. The district has also set up a hotline