Hacking gang sends ransom demand to LA school district

Attackers may be able to access data from the district’s student information system

The hackers who hit the Los Angeles Unified School District (LAUSD) with ransomware over Labor Day weekend have now issued a ransom payment demand, according to the district superintendent.

On Tuesday, superintendent Alberto Carvalho told the Los Angeles Times that a demand had been made but that the district had not responded. Carvalho declined to reveal the amount of money demanded.

The extortion attempt represents an inevitable escalation in the ransomware attack — which targeted the nation’s second-largest school district just as pupils began to return after the summer break — and raises questions over what sensitive information the hackers may have been able to obtain.

Though the attack caused disruption to some of the school’s email systems and other applications, other critical systems such as the MiSiS student management system were recovered and brought back online shortly afterward. But in a press conference held Wednesday, Carvalho said that the hackers had likely accessed data from MiSiS, including certain information on students.

“We believe that some of the data that was accessed may have some students’ names, may have some degree of attendance data, but more than likely lacks personally identifiable information or very sensitive health information or Social Security number information,” Carvalho told local reporters, as quoted by Deadline.

Although the ransomware attack has not been officially attributed, there are many signs that it was carried out by a cyber gang known as Vice Society. Shortly after the LAUSD attack came to light, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about Vice Society ransomware that was specifically targeting K-12 institutions in the US, though the LA school district was not named as a target. Following CISA’s cybersecurity advisory, Vice Society took credit for the attack in communications with journalists.

Details published by CISA describe Vice Society as an “intrusion, exfiltration, and extortion hacking group” that used double extortion tactics: locking systems and threatening to publicly release data unless a ransom is paid. The group was becoming more active in sync with the start of the academic year, CISA said, when the potential impact of ransomware attacks on schools was greatest.

Though the recent attack is the only time the LA school system has been successfully targeted, it has encountered a near-miss at least once in the past. In the wake of the Labor Day attack, cybersecurity researchers at Hold Security revealed that they had previously detected a device linked to the school district within a malware botnet but had disclosed the findings in time for further attacks to be prevented.
