classroom

Los Angeles School District Hit by Ransomware Attack

A cyberattack targeting the Los Angeles Unified School District caused a significant system outage in the country’s second-largest school district over Labor Day weekend.

The attack disrupted technology used for lessons and attendance and barred students and staff from accessing their emails. Though the attackers used ransomware software for the breach, the school district has yet to receive any monetary demands.

The district confirmed in a statement Monday that the FBI and Department of Homeland Security are assisting local law enforcement in investigating the incident.

“Los Angeles Unified detected unusual activity in its Information Technology systems over the weekend, which after initial review, can be confirmed as an external cyberattack on our Information Technology assets. Since the identification of the incident, which is likely criminal in nature, we continue to assess the situation with law enforcement agencies.”

Authorities believe the attack may have originated internationally and identified three possible countries they have not released to the public.

Ransomware attacks are on the rise in the educational sector. The Los Angeles breach was the 50th cyberattack on educational institutions this year. The migration of school systems to virtual classrooms during the pandemic led to increasingly vulnerable cyberinfrastructures.

Embed from Getty Images

Many schools are underfunded and lack the resources to retain adequate IT staff. Attacks are often planned during holidays when IT security staff is likely to be even sparser. The ideal timeline is often at the beginning of the school year when students return to school, and schools are more likely to pay demands to avoid problems that a catastrophic shutdown could cause.

The hackers did not take any Social Security or medical information and instead targeted systems containing information about private-sector contractor payments. However, the widescale breach points to the continued penetrability of schools’ cyberinfrastructures.

In January, a ransomware extortion attack on the biggest school district in Albuquerque, New Mexico, caused schools to shut down for two days. In May, a data breach in the Chicago Public School system exposed four years’ worth of records of half a million students and 60,000 employees.

One attendance counselor told the LA Times how the shutdown impacted the school’s ability to check on students.

“We do have paper attendance we will be collecting, but I would usually call home or go on home visits to find out students’ whereabouts. Unfortunately, with not having access to their information, I will not be able to find out where those students are. As it is, after the pandemic, we have been working hard to find students.”

Embed from Getty Images

The district implemented a response protocol to avoid immediate widescale impact and to prevent future attacks. The district plans to invest in new IT security technology, hire personnel skilled in technology management, and train employees in cybersecurity responsibility.

Because the attack was detected Saturday, Students could return to class Tuesday morning. Students and teachers had to reset their passwords but could resume their usual schedules.