Los Angeles Unified School District has announced it has been struck by a ransomware attack, after the organization detected and reviewed unusual activity in its IT systems over the weekend.
Los Angeles Unified is the second largest School District in the US, enrolling more than 640,000 students from kindergarten to 12th grade across 710 square miles. That area includes Los Angeles and 31 smaller municipalities, as well as several unincorporated sections of Los Angeles County.
Although the origin of the attack is yet to be identified, the organization says it is likely to be criminal after assessing with law enforcement agencies.
While it continues to investigate, the District says it has implemented a response protocol to mitigate the disruptions – including access to email, computer systems, and applications.
“We are working collaboratively with our partners to address any and all impacted services,” it said. “While we do not expect major technical issues that will prevent Los Angeles Unified from providing instruction and transportation, food or Beyond the Bell services, business operations may be delayed or modified.
“Based on a preliminary analysis of critical business systems, employee healthcare and payroll are not impacted, nor has the cyber incident impacted safety and emergency mechanisms in place at schools.”
After contact with officials over the holiday weekend, Los Angeles Unified said the White House brought together the Department of Education, the FBI, and CISA to provide rapid incident response. At its request, the agencies moved to assess, protect and advise Los Angeles Unified's response, as well as future planned mitigation protocols.
Looking forward, the organization has published a plan of action, advised by public and private sector tech and cyber security professionals, to determine additional protections for the area.
“Presently, federal investigative and technical experts are working on-site, collaboratively, with the Information Technology Division,” it added.
LAU says it either has or will be implementing several new measures, including the setting up of an independent IT task force, an advisory council, the appointment of a tech advisor, as well as the creation of an expert team to deploy solutions. That’s on top of additional human resources, tech investments, budget appropriation, cyber security training for employees, and a forensic review of systems.
The incident is the second cyber attack to impact education networks within the last three weeks after the Mansfield Independent School District also announced on August 23 that it had been struck by an attack.
RELATED RESOURCE
Escape the ransomware maze
Conventional endpoint protection tools just aren’t the best defence anymore
Mansfield said the attack resulted in an outage of all the district’s systems that required internet connectivity, including Skyward, email, its website, and phone services. The organization confirmed the incident was a ransomware attack on its Twitter feed.
The US has released a joint Cybersecurity Advisory (CSA) detailing how ransomware is increasingly targeting critical infrastructure such as K-12 institutions.
Although the culprits of these latest two attacks are still unknown, the FBI, CISA, and the MS-ISAC said they have discovered Vice Society actors “disproportionately targeting the education sector with their attacks”.
“The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks,” it said.
-
The unseen risk in Microsoft 365: disaster recoveryBusinesses that assume they’re covered for data backup could come unstuck in a time of crisis
-
Anthropic CEO Dario Amodei's prediction about AI in software development is nowhere nearly to becoming a realityNews In March, Anthropic CEO Dario Amodei claimed up to 90% of code would be written by AI within six months – his prediction hasn't quite come to fruition.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
-
A notorious hacker group is ramping up cloud-based ransomware attacksNews The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Data I/O shuts down systems in wake of ransomware attack
News Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
