Los Angeles Unified School District has announced it has been struck by a ransomware attack, after the organization detected and reviewed unusual activity in its IT systems over the weekend.
Los Angeles Unified is the second largest School District in the US, enrolling more than 640,000 students from kindergarten to 12th grade across 710 square miles. That area includes Los Angeles and 31 smaller municipalities, as well as several unincorporated sections of Los Angeles County.
Although the origin of the attack is yet to be identified, the organization says it is likely to be criminal after assessing with law enforcement agencies.
While it continues to investigate, the District says it has implemented a response protocol to mitigate the disruptions – including access to email, computer systems, and applications.
“We are working collaboratively with our partners to address any and all impacted services,” it said. “While we do not expect major technical issues that will prevent Los Angeles Unified from providing instruction and transportation, food or Beyond the Bell services, business operations may be delayed or modified.
“Based on a preliminary analysis of critical business systems, employee healthcare and payroll are not impacted, nor has the cyber incident impacted safety and emergency mechanisms in place at schools.”
After contact with officials over the holiday weekend, Los Angeles Unified said the White House brought together the Department of Education, the FBI, and CISA to provide rapid incident response. At its request, the agencies moved to assess, protect and advise Los Angeles Unified's response, as well as future planned mitigation protocols.
Looking forward, the organization has published a plan of action, advised by public and private sector tech and cyber security professionals, to determine additional protections for the area.
“Presently, federal investigative and technical experts are working on-site, collaboratively, with the Information Technology Division,” it added.
LAU says it either has or will be implementing several new measures, including the setting up of an independent IT task force, an advisory council, the appointment of a tech advisor, as well as the creation of an expert team to deploy solutions. That’s on top of additional human resources, tech investments, budget appropriation, cyber security training for employees, and a forensic review of systems.
The incident is the second cyber attack to impact education networks within the last three weeks after the Mansfield Independent School District also announced on August 23 that it had been struck by an attack.
Escape the ransomware maze
Conventional endpoint protection tools just aren’t the best defence anymore
Mansfield said the attack resulted in an outage of all the district’s systems that required internet connectivity, including Skyward, email, its website, and phone services. The organization confirmed the incident was a ransomware attack on its Twitter feed.
The US has released a joint Cybersecurity Advisory (CSA) detailing how ransomware is increasingly targeting critical infrastructure such as K-12 institutions.
Although the culprits of these latest two attacks are still unknown, the FBI, CISA, and the MS-ISAC said they have discovered Vice Society actors “disproportionately targeting the education sector with their attacks”.
“The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks,” it said.
