On September 5, Los Angeles Unified School District (LAUSD), the second largest school district in the US, published a news release disclosing a ransomware attack on its internal systems. While LAUSD is far from the only school to have been hit by ransomware this year, the size of the school district has made this particular case a high-profile one. Fortunately, LAUSD was able to overcome the disruptions caused by the attack relatively well, managing to continue classes the following day. However, the threat actor behind the ransomware attack wasn’t finished inflicting damage on the school district.
Last Friday, the ransomware gang known as Vice Society publicly claimed responsibility for the attack and threatened to publish data stolen in the attack. The threat actor initially gave the school district four days to pay a ransom before releasing the stolen data online, but LAUSD published a news release that same day stating that it would not pay the ransom: “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.” Vice Society responded by prematurely publishing the stolen data, which the ransomware gang told BleepingComputer amounted to 500GB of data in total.
Unfortunately, while the stolen data is now public, we still don’t know the full extent of the information stolen. LAUSD was quick to launch a task force meant to bolster the school district’s security practices, but the district still hasn’t disclosed what kind of information may have been exfiltrated in the ransomware attack. An unnamed source close to the investigation told NBC Los Angeles that the stolen data included confidential psychological assessments of students, contract and legal documents, business records, numerous database entries, and personally identifying information, such as social security numbers.
At least for the time being, those looking to analyze the stolen data or use it for nefarious purposes may be unable to do so, as the ransomware gang’s dedicated leak site (DLS) appears to be offline. Vice Society referenced the US Cybersecurity & Infrastructure Security Agency (CISA) in its publication of the stolen LAUSD data, and it’s possible that the agency is giving the ransomware gang some trouble. Shortly after the ransomware attack on LAUSD took place, CISA published a joint cybersecurity advisory with the Federal Bureau of Investigation (FBI) detailing Vice Society’s methods and noting the ransomware gang’s propensity to attack targets in the education sector. Perhaps, spurred on by this latest dump of personal information, US law enforcement managed to shut down Vice Society’s leak site.
Unfortunately, even if the ransomware gang’s site never comes back online, the data stolen from LAUSD was likely available long enough for other cybercriminals to download a copy of the data. Everyone who works for LAUSD or sends their children to school in the district should enact precautionary measures, such as credit freezes, to guard against identity fraud in the wake of this event.