Cybercriminals Leak LA School Data After It Refuses to Ransom

A group of criminal hackers has started leaking data containing personal information online, after the victim school publicly announced it wasn’t going to pay the ransom.

Over the weekend, a ransomware gang known as Vice Society (no relation with this publication and its parent company) started leaking files and documents stolen from the Los Angeles Unified School District.

“Unfortunately, as expected, data was recently released by a criminal organization. In partnership with law enforcement, our experts are analyzing the full extent of this data release,” LAUSD’s superintendent Alberto Carvalho wrote in a tweet on Sunday, which included the number for a hotline set up for students and staff who may have questions about the incident.


LAUSD is the second largest school district in the United States. Vice Society hacked it last month, causing “significant disruption” to “access to email, computer systems, and applications,” according to the school district. LAUSD is just one of more than 1,700 schools impacted by ransomware this year, according to Emsisoft, a cybersecurity company that tracks ransomware incidents.

Over the last two years, ransomware gangs have been very successful at targeting U.S. schools, sending many of them into chaos.

Hackers started releasing data after the school’s superintendent publicly said they wouldn’t pay the ransom or negotiate with the hackers. 

“What I can tell you is that the demand—any demand—would be absurd. But this level of demand was, quite frankly, insulting. And we’re not about to enter into negotiations with that type of entity,” Carvalho told The Los Angeles Times on Friday. “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”



On Friday, LAUSD published a statement making it clear that it had no intentions of caving to the hackers’ demands.

“It is important to note that this investigation is ongoing,” the statement said. “Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”

Some of the data appears to include Social Security Numbers, passport information, and tax forms, according to the Times and TechCrunch. The data, which reportedly amounts to around 500 gigabytes, was published on the gang’s dark web site.

“We always delete documents and help to restore network [sic], we don’t talk about companies that paid us,” Vice Society told TechCrunch. “Now LAUSD has lost 500GB of files.”

Releasing stolen data is a tried and true tactic for ransomware gangs. If the victim doesn’t pay up, the hackers put even more pressure on the organization by releasing sensitive internal data.

“At this point they didn't really have a choice (since they decided against the choice to be decent human beings a long time ago),” Allan Liska, a researcher at cybersecurity firm Recorded Future who tracks ransomware, told Motherboard in an online chat. “LAUSD made it clear they weren't going to pay and the school district is willing to deal with the fallout of the data being exposed.”
