L.A. School District Hackers Now Demanding Ransom, Official Says

UPDATED with more details: The massive cyberattack on the Los Angeles Unified School District as the school year started this month has been something of a mystery because of the lack of demands made by the hackers. But now they are demanding ransom, officials said.

“We can acknowledge … that there has been communication from this [hacker], and we have been responsive without engaging in any type of negotiations,” LAUSD Superintendent Alberto Carvalho told reporters at district headquarters Wednesday. “With that said, we can acknowledge at this point … that a financial demand has been made by this entity. We have not responded to that demand.”

He did not announce how much money the hackers are seeking, who they are or what data they might have.

Carvalho said Wednesday, however, that the hackers “did touch our MiSiS [My Integrated Student Information] System, which contains student information. To the best of our knowledge at this point … we believe that some of the data that was accessed may have some students’ names, may have some degree of attendance data, but more than likely lacks personally identifiable information or very sensitive health information or Social Security number information.”

The hack, which targets protected data and also attempts to disable the district’s computer systems, was found over Labor Day weekend, three weeks after some 400,000 students returned to classes. It also includes “tripwire” malware that can be triggered to cause further damage if not found and properly deleted.

Students, parents, teachers and staff still have some limited access, but the process also requires them to reset their district passwords and many are getting a message like the one here below. Still, not all of the district’s apps and systems are operational yet, and the release of five-week report cards has been delayed.

The U.S. Department of Homeland Security said at the time that it traced the attack to a “ransomware tool that temporarily disabled systems, froze others and had access to some degree of data.”

The identity of the hackers has not been released, but some reports linked the attack to a cybercriminal syndicate known as the Vice Society.

“We are on one hand attempting to understand how the breach took place — was it human error, meaning someone unknowingly responded to a phishing email that allowed unauthorized access, or was it a systemic failure on the part of a third-party entity that is connected to our system that opened the door,” Carvalho said. But he acknowledged that “usually these cases begin with some degree of a human failure.”

LAUSD, the country’s second-largest school district, is working with DHS, the FBI and Los Angeles Police Department on the issue. Last week, Carvalho was given rare emergency authority to deal with the crisis, allowing his office to take action “without advertising or inviting bids and for any dollar amount necessary.”

District officials also have released details of an action plan to provide protection for school computer systems going forward. The plan includes:

  • Independent Information Technology Task Force: Charged with developing a set of recommendations within 90 days, including monthly status updates;

  • Additional human resources: Deployment of IT personnel at all sites to assist with technical issues that may arise in the coming days;

  • Technology investments: Full-scale reorganization of departments and systems to build coherence and bolster data safeguards;

  • Advisory council: Charged with providing ongoing advisement on best practices and systems, including emerging technological management protocols;

  • Technology adviser: Directed to focus on security procedures and practices, as well as conduct an overall data center operations review that includes an assessment of existing technology, critical processes and current infrastructure;

  • Budget appropriation: Directed appropriation of any necessary funding to support Information Technology Division infrastructure enhancement;

  • Employee training: Develop and implement mandatory cyber security responsibility training;

  • Forensic review: Expand ongoing assistance from federal and state law enforcement entities to include a forensic review of systems; and

  • Expert team: Creation and deployment of an expert team to assess needs and support the implementation of immediate solutions.

City News Service contributed to this report.
