News Update

Hackers give LAUSD until Monday to pay ransom

Hackers have given Los Angeles Unified School District until Monday to either pay their ransom or have the district’s data released on the dark web. LAUSD has not said how much the hackers are asking for but says it will not pay ransom or negotiate.

“Los Angeles Unified remains firm that dollars must be used to fund students and education,” the district wrote in a news release. “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”

A countdown is visible on a website on the dark web hosted by ViceSociety, which has claimed responsibility for the hack discovered on Labor Day weekend. According to screenshots, the website states that the information will be published Monday at midnight London time, which would be 4 p.m. in Los Angeles. 

Neither LAUSD nor law enforcement has said whether Vice Society is indeed responsible.  However, a cybersecurity advisory reported earlier this month that Vice Society was largely targeting the education sector.

LAUSD said it’s still working to find out what information was breached. According to a news release, the district does not believe that employee health care and payroll information has been impacted. 

The Federal Bureau of Investigation, the White House and the Cybersecurity and Infrastructure Security Agency have all been involved in addressing the hack. The district has also put together a task force of security experts to examine the impact and outline recommendations in a 90-day report.

According to Emsisoft threat analyst Brett Callow, at least 27 school districts and 28 colleges have been affected by ransomware this year. He wrote on Twitter that at least 36 have had data stolen and released, and that, including LAUSD, Vice Society alone has hit at least nine school districts.