Vice Society on Friday listed the Los Angeles Unified School District on its ransomware leak site, four weeks after the country’s second-largest school system was hit by a major ransomware attack.
The group threatened to publish data it claims to have stolen during the attack on Oct. 3 at 4 p.m. PST. Ransomware groups typically list their victims on leak sites to increase pressure and set deadlines for victims to meet their ransom demand before stolen data is published.
The threat, which was discovered and published on Twitter by Brett Callow, threat analyst at Emsisoft, effectively gives the Los Angeles school district less than four days to respond. Vice Society did not include any details about the data it plans to publish.
“The only thing we now know is the date and time that they’ll release whatever data they supposedly have,” Callow said via email.
Vice Society has hit at least eight other U.S. school districts, colleges or universities this year, he said.
Alberto Carvalho, superintendent at LAUSD, previously confirmed a ransom demand was made by the group that breached the district’s systems. But, in an interview with the Los Angeles Times, Carvalho declined to state the amount demanded or what information the threat actor claims to have stolen.
The district has been following ransomware guidance from multiple federal agencies that are assisting with the investigation and recovery. Carvalho last week said the district had not responded to the ransom demand.
Vice Society was singled out in a joint Cybersecurity Advisory from federal authorities the same day LAUSD went public with the attack. The district and federal authorities have not publicly acknowledged the group is behind the attack, but the connection remains implied.
A spokesperson for LAUSD said the district is investigating the latest development, but did not have further information to share.