The ransomware gang that hacked the Los Angeles Unified School District—paralyzing the computer systems of the second-largest school district in the country—is demanding a ransom two weeks after the attack.
LAUSD, which encompasses over 1,000 schools and some 600,000 students, was hacked on Sept. 6. At the time, the district announced that the malware-fueled attack had disrupted access to some of its IT systems. Now, some two weeks later, the gang that hacked the district is demanding money in return for data stolen during the incident, an unusually long lag between a breach and a demand for payment.
On Wednesday, Alberto Carvalho, superintendent for the district, met with journalists at the district’s headquarters to tell them that the cybercriminals had reached out with a ransom demand. The district had not yet answered the ultimatum, he said.
“We can acknowledge … that there has been communication from this [hacker], and we have been responsive without engaging in any type of negotiations,” said Carvalho, as quoted by Deadline. “With that said, we can acknowledge at this point … that a financial demand has been made by this entity. We have not responded to that demand.”
It’s not at all clear how much money has been asked for or how much data might be at stake. Carvalho tried to assure the public Wednesday that sensitive data was “more than likely” not compromised in the incident: “We believe that some of the data that was accessed may have some students’ names, may have some degree of attendance data, but more than likely lacks personally identifiable information, very sensitive health information, or Social Security number information,” he said.
The gang responsible for the attack goes by the moniker “Vice Society.” TechCrunch reports that Vice Society is a double-extortion gang, which means that it employs two strategies to extract payment from its victims: data encryption and data exfiltration. In short, hackers don’t just encrypt a victim’s data, they also steal it and begin selectively leaking it to the internet via carefully curated “leak sites.” Double-extortion is currently one of the most popular strategies deployed in the cybercriminal underworld, as it can be highly effective at inspiring compliance.