Shane Richards, Class of 2023, Belmont Law
In September of last year, the Los Angeles Unified School District was the target of a ransomware attack that significantly disrupted its information technology systems. Because the district is the second biggest school district in the United States, the attack made national headlines and prompted responses from the FBI and Homeland Security, among other federal agencies. It was one of many ransomware attacks targeting school districts across the United States. In the face of this attack, the Los Angeles Unified School District refused to pay the ransom, the amount of which was not disclosed to the public, stating that paying the ransom “never guarantees the full recovery of data…”
Several months later, it came to light that the group responsible had leaked information onto the Dark Web, that deep, uncatalogued section of the internet that is only accessible via special tools. Specifically, it leaked the sensitive health records for “about 2,000 current and former Los Angeles school students.” Included among these records were drivers’ licenses, Social Security numbers, assessment records, and COVID-19 results. The majority of the leaked health information relates to special education students. The information leaked about the special education students includes their academic performance, disciplinary records, and medical histories.
This attack, among many others of a similar nature, shows just how vulnerable digitized sensitive information has become. Hackers are targeting schools, private companies, and hospitals at increasing rates, demanding double ransoms. The first ransom is for decrypting the information, which could be completely lost otherwise. The second ransom is to keep the information from being published to places like the Dark Web. However, nothing guarantees that paying the ransom will prevent any loss of the information or that the information won’t be leaked for nefarious actors to misuse. That said, the specific ransomware gang responsible for the Los Angeles attack is “reasonable” in negotiating its ransoms.
It seems that these ransomware gangs have three initial routes into these public systems. The first is by phishing employee emails, whereby they trick current employees into opening the door. Their second method is to take advantage of dormant account credentials left by former employees. The final way in is by exploiting known vulnerabilities in old software. Once in, these hackers use “living off the land” techniques, which piggyback on legitimate tools to do the hackers’ dirty work, to circumvent detection. It’s unclear exactly which method was utilized in the attack on the Los Angeles Unified School District; however, the gang responsible has been known to utilize all these methods.
All of these methods used by ransomware hackers are supposedly preventable. However, the number of attacks is increasing year upon year, and these attacks are targeted at any institution that has digitized its vital information. It’s not just health care information held by hospitals or medical providers that is at risk; any third-party institution, public or private, needs to be prepared to take measures to prevent such attacks. The Los Angeles attack is a good case study in exactly the kind of consequences that can befall an institution and what lies in store for the real victims of such an attack: the patients and students that trust these institutions with their vital information.
Works Cited:
https://today.westlaw.com/Document/I47ffbf80b3bc11ed9d67b7a2e9b19096/View/FullText.html?transitionType=CategoryPageItem&contextData=(sc.Default)&firstPage=true
https://www.foxbusiness.com/technology/los-angeles-school-district-reveals-ransomware-gang-leaked-thousands-student-health-records-online
https://www.foxnews.com/us/los-angeles-unified-school-district-targeted-ransomware-attack
https://www.malwarebytes.com/blog/business/2023/01/5-facts-about-vice-society-the-ransomware-group-wreaking-havoc-on-k-12-schools
https://www.cnn.com/2022/10/01/us/los-angeles-unified-school-district-ransomware-attack/index.html