Ransomware hackers leak 500GB of stolen data from LAUSD school system

The Vice Society ransomware gang released a trove of data and documents on Sunday morning that were stolen from the Los Angeles Unified School District in a cyberattack in early September.

LAUSD Superintendent Alberto M. Carvalho confirmed in a statement on Twitter that the stolen data had been published and that experts were examining its contents.

“Unfortunately, as expected, data has recently been released by a criminal organization,” Carvalho tweeted. “In partnership with law enforcement, our experts are analyzing the full scope of this data release.”

The initial attack by the Russian-speaking ransomware gang took place over the weekend of September 3, but the ransomware used was not disclosed. According to reports at the time, the attack disrupted LAUSD’s access to its computer systems, emails and applications. At the time, gang sources contacted the media and claimed that over 500 gigabytes of data had been stolen.

The school district is the second largest school district in the United States with over 1,000 schools and over 6,400 students. According to a law enforcement source speaking to NBC Los Angeles, the files in the release contained confidential student psychological data, legal documents, business data, Social Security numbers and other personal information.

The stolen data was due to be released today, Monday, on an apparent ransom deadline, but was released early after a statement from LAUSD on Friday that the school district had no plans to pay the hackers any money.

“It is important to note that this investigation is ongoing,” the district said in its statement. “Los Angeles Unified remains firm that dollars should be used to fund students and education. Paying a ransom never guarantees full data recovery, and Los Angeles Unified believes public money is better spent on our students than surrendering to a nefarious and illicit crime syndicate.”

Warnings from cybersecurity researchers to avoid capitulating to ransom demands from ransomware gangs are not uncommon. Paying does not guarantee that the data will not be leaked, and because the data has been stolen, it will most certainly be sold or used in other cyberattacks. Ransomware gangs then use the funds to finance their next attack.

“We should expect a new wave of ransomware campaigns that are relatively simple to execute, difficult for law enforcement to investigate, and yield huge profits, being a perfect ‘business’ compared to other cyberattacks,” Dr. Ilia Kolochenko, founder of ImmuniWeb, told SiliconANGLE. “With the new extortion tactics, not only hacked companies are blackmailed, but everyone whose contact details are available in the stolen data.”

Kolochenko stressed that what is most important about these results is not whether or not a company or government agency pays a ransom, but how harm to victims is avoided and operations are restored. Ultimately, if the data has been stolen, recovery will be difficult if not impossible, so seeking to minimize the impact of the breach should be the top priority.

“It should be noted that a data leak is not necessarily the worst result of a ransomware attack: many cases are known where even after paying the ransom, the data was nevertheless leaked for different reasons,” added Kolochenko. “Therefore, I would refrain from blaming hacked companies whose data ends up on the dark web. What matters is how they mitigate the damage and implement the necessary security mechanisms and controls to avoid similar incidents in the future.”


Jeremy S. McLain