(TNS) — The hackers who targeted the Los Angeles Unified School District have made a ransom demand, officials confirmed Tuesday, an indication that the attackers have extracted sensitive data or believe they can bluff the district into thinking that they have.
“We can confirm that there was a demand made,” L.A. schools Supt. Alberto Carvalho said. “There has been no response to the demand.”
Carvalho declined to disclose the amount of the ransom demand or any further information about what information, if any, the attackers may be holding.
He said that there have been “no new security breaches” and that the school system is continuing “our ramping up of apps and systems.”
Officials said they are optimistic that Social Security numbers and other sensitive information of employees remain secure. But the outlook could be different related to student information, such as grades, course schedules, disciplinary records and disability status. The district does not collect Social Security numbers for students and parents.
Earlier Carvalho disclosed that the attackers extended their deadline for entering into negotiations without specifically mentioning a ransom amount. The district, Carvalho added, is following the advice of experts and law enforcement, which includes the FBI as well as the Los Angeles Police Department.
In a related development, federal officials on Friday announced a new major grant program to help public agencies better secure themselves from cyber attack.
The demand for money was widely anticipated in the wake of the cyber attack, which was discovered in progress on the night of Sept. 3, the Saturday of Labor Day weekend.
Hackers will typically threaten to post sensitive data online if they are not paid, but it can be difficult to determine what they’ve obtained, and they might be lying.
In general, such payments are a bad idea, said Clifford Neuman, director of USC’s Center for Computer Systems Security.
“It is important for any organization impacted by ransomware to understand that even if they pay a ransom demand, they will still incur significant IT expense and delays to repair the system,” Neuman said….