Ransomware operators posted stolen data after LAUSD refused to pay

The LAUSD school system was hit by ransomware, and the data stolen during the attack was published a month later

School students, parents, and employees exposed. The ransomware gang leaked the data when the school system decided not to pay the ransom amount

A ransomware gang has leaked data stolen from the Los Angeles Unified School District (LAUSD) school systems. Vice Society ransomware operators published files obtained during the attack a month ago.[1] The victim decided not to pay the demanded sum, and documents and other data were made public on Sunday morning.[2]

Officials confirmed the release of stolen data in a statement on Twitter, and a hotline was launched. The number, which should already be working, is for concerned parents and students who want to ask questions about the data leak.

Unfortunately, as expected, data was recently released by a criminal organization. In partnership with law enforcement, our experts are analyzing the full extent of this data release.

School system officials announced last week that they would not give money to the ransomware operators and that the ransom demands would not be paid. The district decided the money was better spent on students and their education, so the ransomware operators did what they had promised in their ransom note. This double-extortion[3] tactic is common among threats that target larger businesses and entities nowadays.

Paying the ransom never guarantees the recovery

Los Angeles Unified believed that paying the demanded sum would not help its case with the ransomware and would not guarantee the full recovery of its systems. The district is not a huge, profitable business with large funds or even a dedicated budget for security issues, cyber attacks, and breach incidents.[4]

The gang behind the ransomware released the stolen data on its data leak site, along with a message for the US Cybersecurity and Infrastructure Security Agency (CISA). This agency normally helps businesses and warns people about incidents[5] and is not assisting the school district in responding to the attack.

The message addressed the agency as the ones who wasted the Vice Society ransomware gang's time. The threat actors claim that they are now wasting CISA's reputation. This group of criminals has previously infected other entities, and they have stolen 500 GB of data, or at least they claim to have done so, because there is no proof and no victims who could confirm this.

Ransomware gangs leak sensitive details

The data leaked in this incident includes folders, documents, and various other data. Some of the files contain sensitive information because folders and files are marked as SSN, Secret, Confidential, Passport, or Incident. Unfortunately, the leaked documents also include confidential psychological assessments of students, evaluation details, contract and legal documents, business records, and database entries.

LAUSD said that students, the school community, partners, employees, and other people involved were notified if their personal information was exposed due to this attack. The organization also promises to provide free credit card monitoring services.

It is not uncommon for criminals to use data published by ransomware gangs for their own gain. It is possible that sensitive, personal, credit card, and other payment details can be used by threat actors in later attacks or scams. All school students, parents, and employees should be cautious of possible phishing attacks and other scam campaigns to avoid becoming victims and losing data or even money.

About the author
Gabriel E. Hall

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
