IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Second-largest US school district falls to ransomware attack

Los Angeles Unified School District detected “unusual activity” across its IT systems over the weekend

Los Angeles Unified School District has announced it has been struck by a ransomware attack, after the organization detected and reviewed unusual activity in its IT systems over the weekend.

Los Angeles Unified is the second largest School District in the US, enrolling more than 640,000 students from kindergarten to 12th grade across 710 square miles. That area includes Los Angeles and 31 smaller municipalities, as well as several unincorporated sections of Los Angeles County.

Although the origin of the attack is yet to be identified, the organization says it is likely to be criminal after assessing with law enforcement agencies.

While it continues to investigate, the District says it has implemented a response protocol to mitigate the disruptions – including access to email, computer systems, and applications. 

“We are working collaboratively with our partners to address any and all impacted services,” it said. “While we do not expect major technical issues that will prevent Los Angeles Unified from providing instruction and transportation, food or Beyond the Bell services, business operations may be delayed or modified. 

“Based on a preliminary analysis of critical business systems, employee healthcare and payroll are not impacted, nor has the cyber incident impacted safety and emergency mechanisms in place at schools.”

After contact with officials over the holiday weekend, Los Angeles Unified said the White House brought together the Department of Education, the FBI, and CISA to provide rapid incident response. At its request, the agencies moved to assess, protect and advise Los Angeles Unified's response, as well as future planned mitigation protocols.

Looking forward, the organization has published a plan of action, advised by public and private sector tech and cyber security professionals, to determine additional protections for the area.

“Presently, federal investigative and technical experts are working on-site, collaboratively, with the Information Technology Division,” it added.

LAU says it either has or will be implementing several new measures, including the setting up of an independent IT task force, an advisory council, the appointment of a tech advisor, as well as the creation of an expert team to deploy solutions. That’s on top of additional human resources, tech investments, budget appropriation, cyber security training for employees, and a forensic review of systems.

The incident is the second cyber attack to impact education networks within the last three weeks after the Mansfield Independent School District also announced on August 23 that it had been struck by an attack.

Related Resource

Escape the ransomware maze

Conventional endpoint protection tools just aren’t the best defence anymore

Whitepaper cover with overhead image of a man sat at a deska with a computer in the centre of a maze in the shadowsFree Download

Mansfield said the attack resulted in an outage of all the district’s systems that required internet connectivity, including Skyward, email, its website, and phone services. The organization confirmed the incident was a ransomware attack on its Twitter feed.

The US has released a joint Cybersecurity Advisory (CSA) detailing how ransomware is increasingly targeting critical infrastructure such as K-12 institutions. 

Although the culprits of these latest two attacks are still unknown, the FBI, CISA, and the MS-ISAC said they have discovered Vice Society actors “disproportionately targeting the education sector with their attacks”.

“The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks,” it said.

Featured Resources

AI for customer service

IBM Watson Assistant solves customer problems the first time

View now

Solve cyber resilience challenges with storage solutions

Fundamental capabilities of cyber-resilient IT infrastructure

Free Download

IBM FlashSystem 5000 and 5200 for mid-market enterprises

Manage rapid data growth within limited IT budgets

Free download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

Bechtle acquires UK’s ACS Systems, furthering European expansion ambitions
channel

Bechtle acquires UK’s ACS Systems, furthering European expansion ambitions

25 Nov 2022
Zen Internet announces duo of new leadership appointments
Business strategy

Zen Internet announces duo of new leadership appointments

24 Nov 2022
Wipro launches European cyber security consultancy services
Security

Wipro launches European cyber security consultancy services

23 Nov 2022
Why FoodTech M&A activity has stopped surging
mergers and acquisitions

Why FoodTech M&A activity has stopped surging

22 Nov 2022

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Google rolls out patch for high-severity Chrome browser zero day
zero-day exploit

Google rolls out patch for high-severity Chrome browser zero day

25 Nov 2022