Los Angeles Unified (LAUSD), the second largest school district in the U.S., disclosed that a ransomware attack hit its Information Technology (IT) systems over the weekend.
LAUSD enrolls more than 640,000 students, spanning from kindergarten through 12th grade. It includes Los Angeles and 31 smaller municipalities, as well as several Los Angeles County unincorporated sections.
The school district first revealed districtwide technical issues after discovering that the attackers disrupted access to LAUSD systems, including email servers.
Roughly seven hours later, it confirmed that this was a ransomware attack, tagging the incident as “criminal in nature.”
LAUSD has reported the incident and is working with law enforcement and federal agencies (the FBI and CISA) as part of an ongoing investigation and incident response.
“After the District contacted officials over the holiday weekend, the White House brought together the Department of Education, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to provide rapid, incident response support to Los Angeles Unified, building on the immediate support by local law enforcement agencies,” the district said.
“At the District’s request, agencies marshaled significant resources to assess, protect and advise Los Angeles Unified’s response, as well as future planned mitigation protocols.”
Los Angeles Unified Targeted by Ransomware Attack
— Los Angeles Unified (@LASchools) September 6, 2022
Even though the attack disrupted LAUSD infrastructure, the district says schools will still open today while it works to restore impacted servers, with some expected delays affecting some services.
“While we do not expect major technical issues that will prevent Los Angeles Unified from providing instruction and transportation, food or Beyond the Bell services, business operations may be delayed or modified,” LAUSD added.
“Based on a preliminary analysis of critical business systems, employee healthcare and payroll are not impacted, nor has the cyber incident impacted safety and emergency mechanisms in place at schools.”
The district added that instruction and staffing, as well as payroll processing, were undisrupted by this incident.
In November, the U.S. Department of Education and the Department of Homeland Security (DHS) were urged to strengthen cybersecurity protections at K-12 schools nationwide to keep up with a massive and ongoing wave of attacks.
The call for action came from U.S. Senators Maggie Hassan, Kyrsten Sinema, Jacky Rosen, and Chris Van Hollen after a Government Accountability Office (GAO) report assessing the Education Dept’s current plan for addressing K-12 school threats (issued in 2010) to be significantly outdated and focusing on mitigating physical threats.
According to Emsisoft threat analyst Brett Callow, ransomware attacks have disrupted education at approximately 1,000 universities, colleges, and schools during 2021.
This number was lower than in 2020 (when 1,681 education institutions were affected), mainly because last year’s ransomware attacks have hit smaller school districts.