LOS ANGELES - An international hacking syndicate claiming responsibility
for a cyberattack that forced a shutdown of Los Angeles Unified School
District computer systems has set a Monday deadline for the district pay a
ransom or the organization will publish undisclosed information it claims
it obtained in the hack.

In a dark web post detected and reprinted by Brett Callow of the
cybersecurity firm Emsisoft, the hacking syndicate Vice Society listed the
LAUSD as one of "our partners," and stated, "The papers will be published
by London time on October 4, 2022 at 12:00 a.m."

The post did not give any indication of what information had been obtained
or what would be published.

LAUSD Superintendent Alberto Carvalho acknowledged last week the district
has received a ransom demand from the group responsible for the Labor Day
weekend hack -- which he declined to name.

"We can acknowledge ... that there has been communication from this actor
(hacker) and we have been responsive without engaging in any type of
negotiations," he told reporters. "With that said, we can acknowledge at
this point ... that a financial demand has been made by this entity. We
have not responded to that demand."

He did not provide specifics of the demand.

Carvalho told the Los Angeles Times on Friday the district will not pay
the ransom demand or negotiate with the hackers.

"What I can tell you is that the demand -- any demand -- would be absurd,"
he told the Times. "But this level of demand was, quite frankly,
insulting. And we're not about to enter into negotiations with that type
of entity."

The district issued a statement Friday afternoon acknowledging the
threatened information dump, and indicated it is "diligently working with
investigators and law enforcement to determine what information was
impacted and to whom it belongs."

After discovering the hack, LAUSD officials took the extraordinary step of
shutting down most of its computer systems while they worked to assess the
full extent of the cyber intrusion. Systems were then slowly brought back
online.

Carvalho said earlier the hackers appeared to have planted a series of
digital "tripwires" that could have disabled more systems, so the district
was being cautious about bringing computers back online.

RELATED: LAUSD approves emergency declaration after cyber attack

No classes or other district operations have been impacted by the
cyberattack, officials said. Students and staff, however, have been forced
to reset their district passwords -- a monumental task for the nation's
second-largest school district.

District officials said earlier that the attack temporarily interfered
with the LAUSD website and email system. But officials said employee
health care and payroll were not affected, nor did the hack impact safety
and emergency mechanisms in place at schools.

It was unclear if the receipt of a ransom demand weeks after the initial
attack was an indication that the hackers obtained or could potentially
obtain more sensitive information. Carvalho said last week officials do
not believe any highly sensitive information was accessed.

"This entity did touch our MiSiS (My Integrated Student Information)
System, which contains student information," Carvalho said. "To the best
of our knowledge at this point ... we believe that some of the data that
was accessed may have some students' names, may have some degree of
attendance data, but more than likely lacks personally identifiable
information or very sensitive health information or Social Security number
information."

He said there is no sign that any sensitive employee information was
accessed.

"This is the sad but new reality we are facing," Carvalho told reporters.
"We are on one hand attempting to understand how the breach took place --
was it human error, meaning someone unknowingly responded to a phishing
email that allowed unauthorized access, or was it a systemic failure on
the part of a third-party entity that is connected to our system that
opened the door?"

In its Friday statement, district officials said, "To our school community
and partners, we will update you when we have relevant information and
notify you if you personal information is impacted, as appropriate. We
also expect to provide credit monitoring services, as appropriate, to
impacted individuals.

"... Los Angeles Unified remains firm that dollars must be used to fund
students and education. Paying ransom never guarantees the full recovery
of data, and Los Angeles Unified believes public dollars are better spent
on our students rather than capitulating to a nefarious and illicit crime
syndicate. We continue to make progress toward full operational stability
for several core information technology services."

Following the hack, the district contacted federal officials, prompting
the White House to mobilize a response from the U.S. Department of
Education, the FBI and the Department of Homeland Security's Cybersecurity
and Infrastructure Security Agency, according to the LAUSD.

https://www.foxla.com/news/lausd-cyberattack-hackers-set-monday-deadline-
for-district-to-meet-ransom-demand