Los Angeles Unified School District has announced it has been struck by a ransomware attack, after the organization detected and reviewed unusual activity in its IT systems over the weekend.
Los Angeles Unified is the second largest School District in the US, enrolling more than 640,000 students from kindergarten to 12th grade across 710 square miles. That area includes Los Angeles and 31 smaller municipalities, as well as several unincorporated sections of Los Angeles County.
Although the origin of the attack is yet to be identified, the organization says it is likely to be criminal after assessing with law enforcement agencies.
While it continues to investigate, the District says it has implemented a response protocol to mitigate the disruptions – including access to email, computer systems, and applications.
“We are working collaboratively with our partners to address any and all impacted services,” it said. “While we do not expect major technical issues that will prevent Los Angeles Unified from providing instruction and transportation, food or Beyond the Bell services, business operations may be delayed or modified.
“Based on a preliminary analysis of critical business systems, employee healthcare and payroll are not impacted, nor has the cyber incident impacted safety and emergency mechanisms in place at schools.”
After contact with officials over the holiday weekend, Los Angeles Unified said the White House brought together the Department of Education, the FBI, and CISA to provide rapid incident response. At its request, the agencies moved to assess, protect and advise Los Angeles Unified's response, as well as future planned mitigation protocols.
Looking forward, the organization has published a plan of action, advised by public and private sector tech and cyber security professionals, to determine additional protections for the area.
“Presently, federal investigative and technical experts are working on-site, collaboratively, with the Information Technology Division,” it added.
LAU says it either has or will be implementing several new measures, including the setting up of an independent IT task force, an advisory council, the appointment of a tech advisor, as well as the creation of an expert team to deploy solutions. That’s on top of additional human resources, tech investments, budget appropriation, cyber security training for employees, and a forensic review of systems.
The incident is the second cyber attack to impact education networks within the last three weeks after the Mansfield Independent School District also announced on August 23 that it had been struck by an attack.
RELATED RESOURCE
Escape the ransomware maze
Conventional endpoint protection tools just aren’t the best defence anymore
Mansfield said the attack resulted in an outage of all the district’s systems that required internet connectivity, including Skyward, email, its website, and phone services. The organization confirmed the incident was a ransomware attack on its Twitter feed.
The US has released a joint Cybersecurity Advisory (CSA) detailing how ransomware is increasingly targeting critical infrastructure such as K-12 institutions.
Although the culprits of these latest two attacks are still unknown, the FBI, CISA, and the MS-ISAC said they have discovered Vice Society actors “disproportionately targeting the education sector with their attacks”.
“The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks,” it said.
-
Windows 10: Six essential steps IT teams should take over the next two monthsIndustry Insights With Windows 10 support ending soon, IT leaders must act now to mitigate risk
-
New chapter, same partners: Keeping the channel aligned with changeIndustry Insights How to maintain strong channel partnerships amid evolving strategies and market change
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employeesNews The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaosNews Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so farNews A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culpritsNews Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
