Information stolen from the Los Angeles Unified School District (LAUSD) appeared on Vice Society’s leak site. LAUSD confirmed the authenticity of the leak.
LAUSD Superintendent Alberto Carvalho tweeted a statement acknowledging the release of data, saying the school district will continue working with the authorities to resolve the issue.
“Unfortunately, as expected, data was recently released by a criminal organization,” Carvalho said.
LAUSD suffered a cyberattack earlier this month. The attack disrupted access to email, computer systems, and applications. Teachers were also unable to post lessons or take attendance due to the attack.
Ransomware gang Vice Society was behind the breach, posting LAUSD data on the gang’s leak site. Interestingly, the gang added a message to the US Cybersecurity and Infrastructure Security Agency (CISA) next to the LAUSD leak.
“CISA wasted our time, we waste CISA reputation,” said the message on the leak site.
The message likely means that CISA interfered on LAUSD’s behalf. The public release of the data comes after LAUSD released a statement saying the school district will not pay the ransom cyber criminals demanded.
“Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate,” the statement said.
According to NBC, a law enforcement source said stolen documents include extremely sensitive data such as psychological assessments of students. Vice Society’s leak site was inaccessible at the time of publishing this article.
‘No honor amongst thieves’
“Kudos to the LAUSD for their work to restore operational functionality across their district and they are not alone in being attacked,” Sam Curry, CSO at Cybereason, told Cybernews. “There is no honor amongst these thieves and they will continue to stoop to low levels for profit. Overall, these threat groups are sociopaths that care more about personal wealth than community health.”
The company’s study found that 80% of organizations that paid a ransom were hit a second time, and more than 10% of companies admitted paying a ransom three times.
“Unfortunately, we’re seeing an increase in attacks on secondary schools and institutions of higher learning because as a whole they tend to pay ransoms. In many cases, the schools received their data back but it was corrupted and unrecoverable which is why we recommend never paying ransoms unless it is a matter of life and death. Ransomware can be stopped and operations returned to normal,” Curry said.
Good cybersecurity hygiene is crucial to reducing the risk of ransomware. Companies also need to make sure there is always someone available to respond to emergencies on holidays and weekends, as more attacks happen during those times.
“In this situation, LAUSD was attacked over Labor Day. Organizations should also make sure they have clear isolation practices in place to stop any further ingress on the network or spreading ransomware to other devices as well as evaluate the lock-down of critical accounts. Teams should create highly secured, emergency-only accounts in the active directory that are only used when other operational accounts are temporarily disabled as a precaution or inaccessible during a ransomware attack,” Curry added.
Wealth of data
The wealth of valuable data held in schools makes education institutions lucrative targets. Education institutions often hold confidential records and thus are more likely to comply with ransom demands.
Another reason threat actors have set their sights on education institutions is that schools tend to make high ransom payments. A recent survey showed that lower education schools are among the top three in the amount of ransom paid ($1.97 million).
Ransomware attacks on education institutions have the highest data encryption rate (75%) among all sectors (65%). A staggering 9% of higher education schools take over three months to recover from ransomware attacks, more than double the average time for other sectors.
Some don’t recover at all. For example, Lincoln College, established in 1865, had to close up shop recently after a ransomware attack disrupted the admission process last December.