Second-largest US school district falls to ransomware attack
Los Angeles Unified School District detected “unusual activity” across its IT systems over the weekend


Los Angeles Unified School District has announced it has been struck by a ransomware attack, after the organization detected and reviewed unusual activity in its IT systems over the weekend.
Los Angeles Unified is the second largest School District in the US, enrolling more than 640,000 students from kindergarten to 12th grade across 710 square miles. That area includes Los Angeles and 31 smaller municipalities, as well as several unincorporated sections of Los Angeles County.
Although the origin of the attack is yet to be identified, the organization says it is likely to be criminal after assessing with law enforcement agencies.
While it continues to investigate, the District says it has implemented a response protocol to mitigate the disruptions – including access to email, computer systems, and applications.
“We are working collaboratively with our partners to address any and all impacted services,” it said. “While we do not expect major technical issues that will prevent Los Angeles Unified from providing instruction and transportation, food or Beyond the Bell services, business operations may be delayed or modified.
“Based on a preliminary analysis of critical business systems, employee healthcare and payroll are not impacted, nor has the cyber incident impacted safety and emergency mechanisms in place at schools.”
After contact with officials over the holiday weekend, Los Angeles Unified said the White House brought together the Department of Education, the FBI, and CISA to provide rapid incident response. At its request, the agencies moved to assess, protect and advise Los Angeles Unified's response, as well as future planned mitigation protocols.
Stay up to date with the latest Channel industry news and analysis with our twice-weekly newsletter
Looking forward, the organization has published a plan of action, advised by public and private sector tech and cyber security professionals, to determine additional protections for the area.
“Presently, federal investigative and technical experts are working on-site, collaboratively, with the Information Technology Division,” it added.
LAU says it either has or will be implementing several new measures, including the setting up of an independent IT task force, an advisory council, the appointment of a tech advisor, as well as the creation of an expert team to deploy solutions. That’s on top of additional human resources, tech investments, budget appropriation, cyber security training for employees, and a forensic review of systems.
The incident is the second cyber attack to impact education networks within the last three weeks after the Mansfield Independent School District also announced on August 23 that it had been struck by an attack.
RELATED RESOURCE
Escape the ransomware maze
Conventional endpoint protection tools just aren’t the best defence anymore
Mansfield said the attack resulted in an outage of all the district’s systems that required internet connectivity, including Skyward, email, its website, and phone services. The organization confirmed the incident was a ransomware attack on its Twitter feed.
The US has released a joint Cybersecurity Advisory (CSA) detailing how ransomware is increasingly targeting critical infrastructure such as K-12 institutions.
Although the culprits of these latest two attacks are still unknown, the FBI, CISA, and the MS-ISAC said they have discovered Vice Society actors “disproportionately targeting the education sector with their attacks”.
“The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks,” it said.
Dan is a freelance writer and regular contributor to ChannelPro, covering the latest news stories across the IT, technology, and channel landscapes. Topics regularly cover cloud technologies, cyber security, software and operating system guides, and the latest mergers and acquisitions.
A journalism graduate from Leeds Beckett University, he combines a passion for the written word with a keen interest in the latest technology and its influence in an increasingly connected world.
He started writing for ChannelPro back in 2016, focusing on a mixture of news and technology guides, before becoming a regular contributor to ITPro. Elsewhere, he has previously written news and features across a range of other topics, including sport, music, and general news.
-
Windows 10: Six essential steps IT teams should take over the next two months
Industry Insights With Windows 10 support ending soon, IT leaders must act now to mitigate risk
-
New chapter, same partners: Keeping the channel aligned with change
Industry Insights How to maintain strong channel partnerships amid evolving strategies and market change
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employees
News The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making