UPDATE 9/7/22: The Los Angeles Unified School District held a press conference on Tuesday about the ransomware attack. The district's superintendent said the attackers managed to "alter some systemic elements" of LAUSD's IT systems, which resulted in the mass password resets. The culprits also accessed some data, but no employee payroll data was affected. The superintendent declined to say which ransomware gang struck the district.
Original story:
A ransomware attack has hit the second largest school district in the US, which serves over 640,000 students.
The attack hit the IT systems of the Los Angeles Unified School District (LAUSD), which operates over 1,000 schools in California. On Monday, the district began reporting technical issues that were preventing staffers from accessing resources including email. Hours later, the district confirmed it was experiencing a ransomware attack.
LAUSD has yet to provide details about what data may have been affected. But the incident is serious enough that the district is ordering all staff and students to initiate a password reset for their school accounts. The reset must also be done in-person at a district site. Over 53,000 successful password resets have already been made, according to the district's superintendent.
In addition, the attack has prompted the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Education to work with the school district on restoring the affected IT systems, which include email, computers, and school-related applications,
It remains unclear who attacked the school district. But on Tuesday, the FBI and CISA issued an alert about a ransomware group known as Vice Society "disproportionately targeting the education sector" with attacks.
The alert warns the FBI and CISA "anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks. School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable."
Vice Society hasn't claimed responsibility for the attack on LAUSD. But the group's website on the Dark Web already alleges Vice Society has successfully attacked several other school districts in the US and UK.
Whoever attacked LAUSD also exploited the Labor Day holiday weekend—when employees are usually off work—in order to infiltrate the district’s computer systems. Ransomware often works by encrypting entire fleets of computers to block access and then demanding victims pay up or else lose the data forever. Many ransomware groups will also threaten to publicize information stolen from the victims' computer systems.
Despite the attack, LAUSD schools are open today. “While we do not expect major technical issues that will prevent Los Angeles Unified from providing instruction and transportation, food or Beyond the Bell services, business operations may be delayed or modified,” the district said.
The incident occurs as the ransomware scourge continues to prey on companies, schools, and hospitals. Brett Callow, a researcher at cybersecurity firm Emsisoft, says LAUSD is likely the 50th educational entity in the US to be hit with ransomware this year.