LA School District Ransomware Attackers Now Threaten to Leak Stolen Data

The clock is ticking for the Los Angeles Unified School District (LAUSD) — the second largest in the country. Following a ransomware attack at the beginning of the month, it has now has been given an ultimatum: meet Vice Society's ransom payment demands or have their data released to the public for anyone, including phishers and other cybercriminals, to access.

Brett Callow, a threat analyst for Emsisoft, shared a screen capture of the Vice Society leak site that shows the ransomware group is threatening to publish the goods in just a few days.

"The papers will be published by London time on October 4, 2022 at 12:00 a.m." the notice read.

The district has not provided an update on the types of information the cyberattackers are threatening to release, one district parent told Dark Reading.

"I do wish they'd sent out a notice about what personal information of our kids and ourselves could be included in this planned release," she says. "And whether we could do anything about reducing harm."

LAUSD Refuses to Pay Ransom

The school district acknowledged the attack in a Sept. 5 statement and said it was working with law enforcement to investigate the breach. Los Angeles Unified School District superintendent Alberto Carvalho confirmed a ransomware demand was made after the cyberattack was announced, and that the district was not paying up.

"We can confirm that there was a demand made," Carvalho said during a Sept. 20 interview with the Los Angeles Times. "There has been no response to the demand."

At press time, all of the systems used by parents and students are fully functioning, the district parent confirms.

"I'm generally supportive of how the district has handled the breach — they brought in the Feds immediately and stood firm on not paying the ransom," she says. "I could quibble here and there about communication and the actual implementation of the password reset, but all things considered, they've done OK."

The LAUSD hit was part of a series of ransomware attacks against schools by Vice Society, which hoped to capitalize on the busy back-to-school season.

The wave of early September attacks also prompted the Cybersecurity and Infrastructure Agency (CISA) to issue a warning about Vice Society's campaign against educational institutions.