Ransomware gang Vice Society publishes stolen database after LAUSD refuses to pay a ransom

Malicious hackers, who orchestrated a damaging cyber attack against the Los Angeles Unified School District (LAUSD) in August, have released the stolen data on a dark web forum after the District refused to pay a ransom.

Los Angeles Unified School District (LAUSD) is the second largest school District in the U.S with more than 640,000 students at over 1,000 schools and employs more than 26,000 teachers. It is only second to the New York City Department of Education in terms of the student population.

On August 6, the District revealed that it was the target of a cyber attack but later confirmed that it suffered a ransomware attack over the weekend that disrupted access to some of its internal systems and emails.

LAUSD identified the incident as “criminal in nature” and said that it was working with law enforcement authorities, including the FBI and the CISA, to investigate the security incident.

The District also stated that while the investigation continued, it implemented a response protocol to mitigate the District-wide disruption, including access to emails, computer systems, and applications.

“While the District ’s ability to intercept the attack by deactivating all our systems was the swift, decisive and prudent action to avoid a catastrophic breach, the recovery from the disruption has proven more challenging than initially anticipated,” it added.

Last week, the Vice Society ransomware gang claimed responsibility for the ransomware attack and threatened to publish stolen data online unless LAUSD paid a ransom. To the group’s surprise, the District quickly decided against paying the ransom.

In a public statement, LAUSD Superintendent Alberto Carvalho said, “Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”

A couple of days after this announcement on Friday, the Vice Society listed LAUSD on their data leak site. Acknowledging the release of the stolen data, Carvalho tweeted “Unfortunately, as expected, data was recently released by a criminal organisation. In partnership with law enforcement, our experts are analysing the full extent of this data release.”

The Vice Society ransomware gang also included a message for the US Cybersecurity and Infrastructure Security Agency (CISA), which is assisting the school district in responding to the attack. “CISA wasted our time, we waste CISA reputation,” the message read.

The gang initially claimed to steal almost 500 GB of data from the school. While the authenticity of the claim hasn’t been verified, some of the folders of the leaked data include information like contract and legal documents, financial reports containing bank account details, health information including COVID-19 test data, previous conviction reports, and psychological assessments of students. A few other folders with the names ‘ssn’, ‘Secret and Confidential’, ‘Passport’, and ‘Incident’ were also seen in the leaked data.