
Shifted timeline of ransomware attack in the Los Angeles school system

Unraveling the complexity of post-breach investigations: as probes progress, the chronology and extent of the harm inflicted frequently evolve.


The Los Angeles Unified School District (LAUSD) has recently revised the timeline of a ransomware attack that occurred in 2022. According to the district, the initial point of intrusion was more than a month earlier than previously reported.

The ransomware attack, which was later claimed by the group Vice Society, occurred between July 31 and Sept. 3, 2022. This contradicts the district's initial claim that the attack happened over the Labor Day weekend.

The attack was one of the most high-profile and damaging incidents in the education sector last year. Vice Society is known to have stolen approximately 500 gigabytes of data from LAUSD. Check Point threat researchers observed that Vice Society posted about 250,000 files on the dark web, some containing sensitive information such as Social Security numbers, contracts, W-9 tax forms, invoices, and passports.

Nailing down an accurate timeline is crucial in post-breach investigations. Andrew Hay, COO at Lares Consulting, stated that the initial timelines of a cyberattack are often a rushed analysis based on partial data. He emphasized that the longer a threat actor is able to remain on an infrastructure, the more damage they can cause.

Without proper resources, organizations often lack full visibility into their infrastructure or vendor ecosystem, making it difficult to identify threats or compromises in a timely manner. This challenge is particularly prevalent in the education sector, where organizations need money, time, and resources for cybersecurity.

The LAUSD's investigation identified labor compliance documents and certified payroll records involving contractors that worked on Facilities Services Division projects, containing names, addresses, and Social Security numbers of contractor and subcontractor employees.

Post-breach investigations can be complex, which can delay the verification of pertinent details. Cyberattacks are complex, and threat actors are continuously improving their skills, making each attack nuanced, according to Janssen-Anessi.

The district filed a data breach notice with the California Department of Justice last week. Timeliness is important after a breach, and knowing as soon as possible should be the goal, according to Janssen-Anessi.

The LAUSD has not yet disclosed whether they paid the ransom demanded by Vice Society. The incident serves as a reminder for all organizations to prioritize cybersecurity and invest in measures to protect sensitive data.
