Stick ’em up. On September 6, the Los Angeles Unified School District (LAUSD) was hit with a ransomware attack that shut down the district’s computer systems and required password changes for 70,000 employees and 540,000 students.

The hackers behind the attack have issued a ransom demand, LAUSD Superintendent Alberto Carvalho told the LA Times last Tuesday, though he didn’t specify the amount nor whether the district intends to pay.

“There has been no response to the demand,” Carvalho said, adding that LAUSD is working on “our ramping up of apps and systems.”

While the district has been getting back on its feet since the attack, it’s been slow going. The district called changing passwords the “biggest challenge” to recovery.

Lying in wait. Director of the Tech + Narrative Lab and a professor at the Pardee Rand Graduate School Todd Richmond noted that in the LAUSD case, what’s most threatening may not even be the attack itself—but rather, what could come after.

“I worry less about the ransomware attacks, and I worry more about the Trojan horses that are being installed for use at a later date,” Richmond told IT Brew.

The Trojan horse attack Richmond warned about is still a concern. The Verge last week reported that LAUSD was the subject of a prior hack in February 2021, one that used a TrickBot Trojan to install ransomware.

According to anti-ransomware platform Halcyon CEO Jon Miller, the presumption can’t be that the attackers are out of the system until it’s been completely secured.

“Even if a victim has backups, they will need weeks and months of expensive recovery and incident response that must be completed to ensure the network is safe to run fully again,” Miller told The Verge.

Read more here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @EoinHiggins_ on Twitter.

The hackers who targeted the Los Angeles Unified School District (LAUSD) over Labor Day weekend have escalated their efforts by demanding ransom, LA schools Supt. Alberto Carvalho told the LA Times this week.

Reports have linked the shakedown to “Vice Society”—an extortion group that the FBI, CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued warnings about days after the breach was first announced.

The agencies’ Sept. 6 advisory revealed details of the Vice group, along with ways to recognize and defend against its tactics. The lengthy list of ransomware-prevention recommendations from at least one agency that considers itself the nation’s cybersecurity “quarterback” suggests that schools—always packed with students and students’ personal data—have become an enticing mark for hackers.

“K–12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers,” the advisory said.

Who is Vice Society? Not the new Grand Theft Auto, Vice Society is an “intrusion, exfiltration, and extortion hacking group” that has deployed versions of HelloKitty/FiveHands and Zeppelin ransomware, CISA said. Moving laterally with tools like PowerShell Empire and Cobalt Strike, Vice Society, according to the agency, has “been observed escalating privileges, then gaining access to domain administrator accounts, and running scripts to change the passwords of victims’ network accounts.”

Why this matters. The joint report arrived after a string of 2022 ransomware attacks targeting schools and universities, most notably and recently the LAUSD outage. Other 2022 ransomware incidents have hit Lincoln College in Illinois and the Mansfield, Texas, school district.

Read the rest here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

Today’s top IT reads.

Stat: 14. That’s the number of HBCUs being added to IBM’s cybersecurity training center program, which makes 20 in total. (EdScoop)

Quote: “We will continue to be the stewards of Moore’s law.”—Intel CEO Pat Gelsinger, during the company’s developer-focused Intel Innovation event (Ars Technica)

Read: Here’s what PC builders and buyers alike might want to learn about Windows 11’s Trusted Platform Module (TPM) requirements. (PCMag)

Learn: Don’t miss out on Strategy for Creators, Morning Brew’s 1-week master class made by creators for creators. Our very own co-founder Alex Lieberman and a lineup of guests are ready to help you reach the goals you have for your business, brand, and audience—no matter the industry. Reserve your seat today.

Help your clients: Reach monetization faster with membership software trusted by the web’s biggest creators. Memberful handles the nuts and bolts of bringing membership to WordPress sites, so your clients reach their audience and cash in on content. Try it for free.*

^{*This is sponsored advertising content.}