LOS ANGELES (KNX) — An international criminal hacking group said Friday the Los Angeles school system must pay the ransom it has demanded by Monday or risk having student and employee information published on the dark web. KNX News Reporter Vicky Moore first reported the deadline.
The hacking syndicate, Vice Society, claimed responsibility for the cyberattack that shutdown Los Angeles Unified School District computer systems over Labor Day weekend, setting a deadline for payment as "London time on October 4, 2022, at 12:00 a.m.''
Superintendent Alberto Carvalho responded Friday, affirming L.A. public schools would not pay the ransom.
"Los Angeles Unified remains firm that dollars must be used to fund students and education," Carvalho said in a statement. "Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate."
Brett Callow, a threat analyst from cybersecurity firm Emsisoft, told KNX News the deadline is intended to increase pressure.
Callow said paying the demand is not best idea, agreeing with the advice the district said it had received from law enforcement. The cybersecurity expert told KNX News paying the hackers amounts to a "pinky promise" from the hacker but does not guarantee the information seized will remain confidential or prevent future ransoms.
It's unclear the entirety of the information the hackers may have seized, and the group did not elaborate on what it had obtained or what might be published beyond describing the stolen information as 500 GB of data.
Supt. Carvalho admitted student information, including names and attendance records, had been accessed. A statement from LAUSD said the district did not believe employee healthcare, payroll, or safety and emergency mechanisms had been impacted.
Carvalho did not specify the amount demanded by the extortionists, but described the "level of demand" as "quite frankly, insulting," according to the Los Angeles Times.
LAUSD officials shut down its computer systems while assessing the damage done to their system and have worked over the last week to bring the network back to full capacity. Cybersecurity experts reported finding additional "tripwires" planted in the system intended to cause more debilitating damage.
Every employee and student was required to change their passwords — roughly 600,000 accounts. The hack impacted the school district's main website and email server.
Following the hack, the district said it contacted federal officials, prompting the White House to mobilize a response from the U.S. Department of Education, the FBI, and the Department of Homeland Security.