Vice Society Publishes LA Public School Student Data, Psych Evals

  /     /     /  
Publicated : 23/11/2024   Category : security


Vice Society Publishes LA Public School Student Data, Psych Evals


After a flat refusal to pay the ransom, Los Angeles Unified School Districts stolen data has been dumped on the Dark Web by a ransomware gang.



Update, 5:37 p.m. Pacific:
After a press conference at which the LAUSD superintendent said the district stopped the attack midstream, LAUSD sent out an email that read in part: First and foremost, based on the investigation conducted to date, it appears that the impact is not widespread. Some archival data regarding students, including student names, attendance data and addresses have been identified as impacted, but so far we have not identified critical private information. However, Los Angeles Unified’s review of the released data is ongoing. Affected individuals will be contacted by a District representative in the near future. The email also promised that the hotline hours will be expanded soon.
Shortly after Los Angeles Unified School District (LAUSD) superintendent Alberto M. Carvalho made it clear there would be no ransom payment, cyberattack group Vice Society dumped its stolen data on the Dark Web — days before the groups Oct. 4 deadline to receive payment. 
The early September
cyberattack disrupted LAUSD
s email and other systems, aimed at taking advantage of the busy back-to-school season. 
Los Angeles Unified remains firm that dollars must be used to fund students and education, a Sept. 30 media statement from the district said. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate. 
The LAUSD statement also said the cyberattack hasnt interrupted student instruction but added that payment processing for contractors and vendors is not yet fully functioning.
The attack group behind the breach,
Vice Society, had threatened to leak the data
it stole, which included passport details, tax forms, legal documents, COVID-19 testing results, and even information on student psychological evaluations, by Oct. 4. However, after seeing LAUSDs statement, the gang went ahead and leaked the information hours later, days ahead of its own deadline. 
Check Point Research, meanwhile, reported that the leak includes more than 248,000 files filled with Social Security numbers, contracts, invoices, passports, and more.
Check Point Researchers provided screenshots of a fraction of the leaked LAUSD data to Dark Reading, including passport files, an invoice for Merrimac Energy Group for what appears to be car fleet maintenance, an individual contractors W-9 tax form, and ironically, a signed Security of Personnel Information form with a pledge not to misuse sensitive employment information. 
LAUSD told Dark Reading it is not providing any new comment beyond its Sept. 30 statement, but Superintendent Carvalho did address the decision
not to pay Vice Societys ransom
on Twitter. 
I understand there will be many opinions on this matter, but, simply said, negotiating with cybercriminals attempting to extort education dollars from our kids, teachers, and staff will never be a justifiable option, Carvalhos tweet read. LAUSD refuses to pay ransom. 
The district said it arrived at the decision to refuse payment in consultation with the FBI, the White House, and the Cybersecurity and Infrastructure Security Agency (CISA), as well as with the private sector. 
Paying the ransom itself is a dicey proposition, and experts warn that paying isnt any kind of guarantee the files will be recovered. 
Paying a ransom is a business-level decision that must taken into consideration when recovering from an attack, Matthew Warner, CTO and co-founder of Blumira said in a statement to Dark Reading. However, that decision has a far-reaching impact on society that must be weighed as well. Paying a ransom is directly funding criminal enterprises that will turn around and utilize those funds to continue performing attacks. 
Having robust backup systems in place helps make that decision much easier, Warner added. 
Regardless of the decision about whether to withhold payment, there is no outcome of the LAUSD compromise that wont be expensive for the district, Bugcrowd founder and CTO Casey Ellis explains to Dark Reading.
The downside of the LAUSD’s decision not to pay the ransom is that there is still going to be money to be paid around the cleanup of this as well, Ellis says. That is going to cost time, and there is the potential for a significant financial impact.
This isnt Carvalhos first school district cyber incident. In 2020, he was superintendent with Miami-Dade public schools when the districts new COVID-19-prompted distance learning efforts were disrupted by a distributed denial-of-service (DDoS) attack. A South Miami high school junior was eventually
arrested in relation to the cyberattack
, according to local news reports. 
Overwhelming data shows Carvalho, along with his education administration colleagues across the country, will need to become accustomed to managing a growing number of cyber threats aimed at schools. 
Check Point said that during the month of September alone, a US education organization was facing a weekly average of 740 attacks every week, a full 37% more than the same time last year. In addition, one out of every 98 organizations faced a ransomware attack each week, a rise of 15% over last year, Check Point added. 
Besides the direct district cost to recover from this specific breach, there is a wide community of students, staff, and business partners who are likely to be affected for years to come. 
Warner warned that students, in particular, can expect to be targeted by future phishing campaigns using their data stolen from LAUSD. 
Experts recommend anyone who was potentially impacted by the breach should be on the lookout for follow-on attacks and take steps ranging from freezing credit lines, getting a Dark Web monitoring service, changing passwords, and enabling multifactor authentication across all of their applications and websites. 
This incident serves as yet another reminder of why parents and students must make cybersecurity a priority, Darren Guccione, CEO and co-founder of Keeper Security tells Dark Reading. Two-factor authentication is a powerful and simple way to safeguard accounts from a remote attacker.
Parents and other community advocates are unsatisfied with the LAUSD response so far. 
One parent group called Parents Supporting Teachers released a statement saying that the group, which identifies itself as the largest parent advocacy group supporting LAUSD, is frustrated by the districts lack of
communication about the breach
 beyond social media statements. 
For its part, LAUSD has a new incident response line to answer questions about the cyberattack. But as one frustrated LAUSD parent, an editor with Dark Reading, pointed out, Hilariously, the hotline only runs from 6 a.m. to 3:30 p.m., so teachers wont be able to call.
Another parent said commented on Twitter they were
unable to get through
to anyone on the hotline. 
Never got through they wrote. Had to hang up. 

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Vice Society Publishes LA Public School Student Data, Psych Evals