Carvalho made this statement after the hackers released a trove of stolen data over the weekend. While there is no confidential information related to students and staff, the leaked files include the personal information of contractors, such as their social security numbers, passport details, and “other financial data.” LAUSD has refused to comment on the threat actor responsible for the breach, but all signs point to the Russian-speaking hacker group, Vice Society. The group has claimed responsibility for the ransomware attack, and the leaked data was posted on their site over the weekend. Vice Society had threatened to release the data if LAUSD did not meet its ransom demands by Monday. However, Carvalho insisted LAUSD would not pay the ransom, which he described as “absurd” and “insulting.”
‘More Limited Than We Originally Anticipated’
At a press conference on Monday, Superintendent Carvalho claimed the attack was more limited than expected. There was “no evidence of widespread impact as far as truly sensitive confidential information” of LAUSD students and staff. Carvalho said LAUSD never attempted to negotiate with the hackers. “There were suggestions that we were not negotiating but we were using somebody behind the scenes to negotiate on our behalf. That never happened,” he said. An initial analysis of the files posted on the dark web shows the hackers accessed LAUSD’s MiSiS (My Integrated Student Information) System, Carvalho said. They also accessed basic information like students’ names, attendance data, and “academic information.” Carvalho claims the stolen information is “archived” data from 2013 to 2016. He denied reports that the leaked data includes students’ psychiatric evaluation reports. “We believe the vast majority of that data is not recent data,” Carvalho stated. Meanwhile, LAUSD has created an incident response hotline for parents and staff — 855 926 1129. The line was originally set to be active from 6 a.m. to 3:30 p.m., but it has been inundated with calls, forcing the district to change its operating hours to 8 a.m. to 8 p.m.
LAUSD Cyberattack: The Story So Far
LAUSD is the second-largest school district in the U.S., with over 1,000 schools and 600,000 students. The ransomware attack, over the Labor Day weekend, disrupted access to its IT network. LAUSD shut down most of its computer systems after detecting unusual activity. Carvalho believes this limited the information the hackers could access. LAUSD has been working with the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to investigate the breach. On September 30, the district issued a press release claiming it had learned about the hackers’ plan to release some of the stolen information online. “Los Angeles Unified remains firm that dollars must be used to fund students and education,” the press release read. “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate. We continue to make progress toward full operational stability for several core information technology services.”
CISA Gave LAUSD Wrong Guidance
In an email to TechCrunch, Vice Society said CISA stalled the release of the data. The group also said CISA was “wrong” to advise LAUSD not to pay up. “We always delete documents and help to restore network [sic], we don’t talk about companies that paid us,” Vice Society claims. “Now LAUSD has lost 500GB of files.” It is important to note that government agencies in most jurisdictions advise companies not to comply with ransom demands. According to them, paying ransoms only emboldens malicious actors to target more organizations. LAUSD said in its press release that coughing up the ransom amount did not guarantee the safe return of its encrypted servers, or that the criminals would delete their copies of stolen data.