The Los Angeles Unified School District, the victim of a major cyberattack over Labor Day weekend, has received a ransom demand from the person or group that hacked into its systems, though officials have not indicated if they intend to pay or enter into any negotiations.

“There has been communication from this actor, and we have been responsive without engaging in any type of negotiation,” Superintendent Alberto Carvalho told reporters outside the district’s headquarters on Wednesday, Sept. 21.

“A financial demand has been made by this entity. We have not responded to that demand,” he added.

District officials have not said how much money the hacker or hackers demanded nor what information they claim to have stolen.

Officials previously acknowledged that the LAUSD student information system was “touched.”

“We believe that some of the data that was accessed may have some students’ names, may have some degree of attendance data, but more than likely lacks personally identifiable information or very sensitive health information or Social Security number information,” Carvalho said Wednesday. “It is a containable risk that we’re dealing with here.”

He maintained that there has been no evidence that employees’ payroll information or Social Security numbers were compromised.

The district is working with the FBI and local law enforcement on the ongoing criminal investigation and is acting upon the advice of such agencies and cybersecurity and legal experts.

Regardless of whether L.A. Unified decides to pay the ransom, one cybersecurity expert said the district will likely incur a hefty bill as it recovers from the data breach.

Doug Levin, national director of K12 Security Information eXchange, or K12 SIX, said he would not be surprised if the incident will cost L.A. Unified, the nation’s second-largest school district, tens of millions of dollars in overall recovery efforts. Those would include fortifying its IT infrastructure, rebuilding systems, and other costs related to the investigation which could last months if not years.

In the last two years, Baltimore County Public Schools in Maryland spent nearly $9.7 million in recovery costs, and the school board in Buffalo, N.Y., approved nearly $9.4 million in expenditures for IT consultants after its districts were attacked by ransomware, according to K12 SIX, a nonprofit that tracks cybersecurity threats among school districts throughout the United States.

Law enforcement agencies generally advise districts not to pay ransom demands, Levin said, because doing so helps the hacker fund its criminal operations and it encourages similar entities to target educational …read more

Source:: The Mercury News


Los Angeles school district receives ransom demand from Labor Day weekend cyberattacker

Leave a Reply

Your email address will not be published. Required fields are marked *