L.A. school district cyberattackers demand ransom

The hackers targeting the Los Angeles Unified School District have made a ransom demand, officials confirmed Tuesday, indicating that the attackers either extracted sensitive data or believe they can trick the district into believing so.

“We can confirm that a claim has been made,” said L.A. schools Supt. Alberto Carvalho. “There was no response to inquiries.”

Carvalho refused to disclose the amount of the ransom demand or any details about what information the attackers may have.

He said there had been “no new security breaches” and that the school system was continuing “our ramping up of apps and systems.”

Officials said they are optimistic that employees’ Social Security numbers and other sensitive information will remain secure. However, the outlook could be different when it comes to student information such as grades, course schedules, disciplinary records and disability status. The district does not collect Social Security numbers for students and parents.

Earlier, Carvalho announced that the attackers extended their negotiation period without explicitly naming a ransom amount. The county, Carvalho added, is following the advice of experts and law enforcement agencies that include both the FBI and the Los Angeles Police Department.

In a related development, federal officials Friday announced a major new grant program to help agencies better protect themselves from cyberattacks.

The demand for money was widely expected after the cyberattack, which was underway on the night of September 3, the Saturday of Labor Day weekend.

Hackers typically threaten to post sensitive information online if they are not paid, but it can be difficult to determine what they obtained, and they could be lying.

In general, such payments are a bad idea, said Clifford Neuman, director of USC’s Center for Computer Systems Security.

“It’s important for any organization affected by ransomware to understand that even if they pay a ransom note, there will still be significant IT costs and delays in repairing the system,” Neuman said. “The best course of action is not to pay the ransom and restore systems from backups.”

He added: “There is no reason to believe that the criminals would actually delete the exfiltrated data even if the ransom is paid.”

The attempted data theft was one element of the attack on LA Unified. The other was an attempt to disable district computer systems and make them inaccessible.

Although both elements of the attack were only partially successful, full recovery was difficult. For example, the information for a Tuesday Education Committee meeting was released through a temporary, cumbersome website. Campuses reopened as planned on the Tuesday after Labor Day, but many students, parents and staff said a full week of classes was lost as technicians double-checked systems and phased in reboots, and users reset more than 600,000 passwords.

Along the way, the district uncovered malware left behind by the attackers that could have done more damage if left undetected, and carefully disabled it.

Carvalho described the malware as “digital tripwires left behind that, when triggered, further disable or infect systems.” This discovery caused a delay in resetting district passwords, in part due to concerns that the new passwords could then also be stolen.

Operations smoothed out in the second week after the attack, although technicians are still trying to restore the online system through which LA Unified handles purchases and the bidding process for vendors and construction projects.

Although a recent audit revealed gaping deficiencies in the district’s online security, LA Unified is far from alone.

“The only unusual thing about this attack is that it affected the second largest school district in the country. Unfortunately, that fact aside, incidents like this are all too common,” said Brett Callow, threat analyst at Emsisoft, a cybersecurity firm. “Already this year, 25 other districts with 425 schools have found themselves in the same position as LAUSD.”

Most of these incidents resulted in stolen data being leaked online.

A website that tracks cyberattacks reported that a California county office of education recently paid a $400,000 ransom.

LA Unified’s attack has been linked to a criminal syndicate calling itself the Vice Society, although authorities have declined to confirm this.

https://www.latimes.com/california/story/2022-09-20/lausd-cyberattackers-demand-ransom

Alley Einstein
