The ransomware gang Vice Society published a trove of data and documents Sunday morning that were stolen from the Los Angeles Unified School District during a cyberattack in early September.

LAUSD Superintendent Alberta M. Carvalho confirmed that the stolen data had been released in a statement on Twitter and said experts were examining its contents.

“Unfortunately, as expected, data was recently released by a criminal organization,” Carvalho tweeted. “In partnership with law enforcement, our experts are analyzing the full extent of this data release.”

The initial attack by the Russian-speaking ransomware gang occurred on the weekend of Sept. 3, but the ransomware used was not disclosed. According to reports at the time, the attack disrupted LAUSD’s access to its computer systems, email and applications. At the time, sources from the gang contacted the media and claimed that more than 500 gigabytes of data had been stolen.

The school district is the second largest school district in the U.S. with more than 1,000 schools and more than 6,400 students. According to a law enforcement source speaking to NBC Los Angeles, the files in the release contained confidential student psychological data, legal documents, business data, social security numbers and more personal information.

The stolen data was to be released today according to an apparent deadline for ransom, Monday but was released early after a statement from LAUD on Friday that the school district had no plans to pay any money to the hackers.

“It is important to note that this investigation is ongoing,” the district said in its release. “Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”

It’s not an uncommon warning by cybersecurity researchers to avoid capitulating to ransom demands from ransomware gangs. The reasons are that it does not guarantee that the data will not be released, and because the data was stolen, it will most certainly be sold or used in further cyberattacks. Ransomware gangs then use funds to fund their next attack.

“We should expect a further surge of ransomware campaigns that are relatively simple to run, are hardly investigable by law enforcement agencies, and bring huge profits, being a perfect ‘business’ compared to other cyberattacks,” Dr. Ilia Kolochenko, founder of ImmuniWeb, told SiliconANGLE. “With the new extortion tactics, not just the breached companies are blackmailed – but all the individuals whose contact details are available within the stolen data.”

Kolochenko pointed out that what’s most important about these outcomes isn’t whether or not a company or government agency pays a ransom, but how damage to the victims is prevented and operations are restored. In the end, if the data was stolen, recovery is going to be difficult, if not impossible, so looking to minimize the impact of the breach should be the top priority.

“Of note, a data leak is not necessarily the worst outcome of a ransomware attack: Many cases are known when even after paying the ransom, the data was nonetheless leaked for different reasons,” added Kolochenko. “Therefore, I would refrain from blaming any breached companies whose data eventually end up on the dark web. What counts is how they mitigate the harm and implement necessary security mechanisms and controls to avoid similar incidents in the future.”

Image: Pixabay