Hackers Leak 500GB Stolen Data from LAUSD Ransomware Attack

The Los Angeles Unified School District (LAUSD) ransomware attack just got worse as Vice Society, the group behind the attack, decided to release 500GB of stolen data this past week.

Following the initial attack on Labor Day weekend, Vice Society gave LAUSD until October 4^th to pay the ransom but grew impatient with LAUSD’s decision to work with the FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA).

According to TechCrunch, Vice Society grew frustrated that CISA was allegedly stalling the release of data and stated that CISA was “wrong” to advise LAUSD not to pay the ransom demand.

Vice Society went into victim blaming mode, stating that LAUSD should have just paid the ransom since they typically always delete the documents, help to restore networks and never talk about companies that pay the ransom.

The stolen (and now leaked) data includes a trove of personal information containing social security numbers, passport information, tax forms, contract and legal documents, criminal records, COVID-19 testing results and student psychological assessments.

Vice Society is well known for targeting the education sector and suspected to be behind at least eight other education attacks this year.

Another factor that may have led to the early release of the data was a press release from LAUSD outlining the attack, mitigation efforts and the staunch decision to not pay the ransom.  

“It is important to note that this investigation is ongoing. Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate. We continue to make progress toward full operational stability for several core information technology services.”

While the ransom has not been disclosed by anybody involved, LAUSD Superintendent Alberto Carvalho stated that the level of demand was, “… quite frankly, insulting. And we're not about to enter into negotiations with that type of entity.”

With the data now released, LAUSD awaits to understand the amount of damage this ransomware attack may likely cause.

As the second largest school district in the United States, LAUSD has more than 1,000 schools and 600,000 students—making it a prime target for a large-scale ransomware attack like this.

Details on how the attack happened and any related mitigation efforts are minimal at this point, but LAUSD has launched a dedicated incident-response line for questions about the attack. The phone number is 855-926-1129, and its hours of operation are 6:00am to 3:30pm PT, Monday through Friday, excluding major U.S. holidays.

You can also follow LAUSD social media for updates on Twitter @laschools and @lausdsup, Instagram at @laschools and @lausdsup, and Facebook at @laschools and @AlbertoMCarvalho1.

Did You Know October is Cybersecurity Awareness Month?

In support of Cybersecurity Awareness Month 2022, the Schneider Downs cybersecurity team is introducing a library of cybersecurity resources to help keep cybersecurity top-of-mind every day—at home, in the office and everywhere in between.

Explore the new resources at www.schneiderdowns.com/ncsam.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected].

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.