A cyberattack has happened in the Los Angeles School District, country on alert

LOS ANGELES — A ransomware attack on the huge Los Angeles school district brought unprecedented shutdowns of computer systems as schools became increasingly vulnerable to cyber breaches earlier in the year.

Attacks on the Los Angeles Unified School District have alarmed the nation, from emergency talks with the White House and the National Security Council (NSC) to mandatory password changes for 540,000 students and 70,000 school district employees after the first signs of ransomware were discovered late Saturday night.

The attack used technology that encrypts data and doesn’t unlock it unless a ransom is paid, but in this case, the superintendent said there was no immediate demand for money, and schools in the nation’s second-largest school district reopened as scheduled on Tuesday.

These attacks have become an increasingly serious threat to US schools, and since last year there have been several reports of high-profile incidents as reliance on technology has grown during the epidemic. Ransomware gangs have in the past planned massive attacks over US holiday weekends, when they know IT staffing will dwindle and security professionals will take a break.

It was not immediately clear when the LA attack started; officials said only when it was detected, and a local spokesperson declined to answer further questions. But Saturday night’s discovery reached the highest level of the federal government’s cybersecurity agency.

According to senior administration officials, this pattern of support is consistent with the Biden administration’s efforts to provide maximum support to key industries impacted by these breaches.

The official, who requested anonymity to discuss the federal response, said the school district did not pay the ransom but would not go into detail about items that could have been stolen or damaged or the systems affected by the breach.

The White House’s response to the LA intrusion reflects growing concerns about national security. A Pew Research Center survey released last month found that 71% of Americans said that cyberattacks from other countries were a major threat to the United States.

Authorities believe the LA attack started internationally. LA Superintendent Alberto Carvalho did not say which countries could be involved, but he has identified three potential countries where the attack could have originated. Most ransomware offenders are Russian-speaking users who operate without interference from the Kremlin.

LA officials were unable to identify the ransomware used.

“This was a cowardly act,” said Nick Melvoin, vice president of the school board, “a criminal act against children, teachers and the educational system.”

So far this year, 26 US school districts and 24 universities, including Los Angeles, have been hit by so-called ransomware, according to Brett Callow, a ransomware analyst at cybersecurity firm Emsisoft.

With more and more victims refusing to pay for data unlocking, many cybercriminals are using the same techniques to steal sensitive information and demand extortion fees. If the victim doesn’t pay, the data is dumped online.

At least 31 of the schools affected this year, Callow said, had data stolen and made available online. Since August 1, the school district said eight schools had been affected. The surge in affected schools at the end of the summer break is hardly a coincidence, he said.

“This is the biggest threat to our safety,” said Los Angeles Police Commissioner Michel Moore. “An invisible enemy, tireless.”

Tireless and costly, even outside the monetary demands. Schools were closed for two days in January following a ransomware extortion attack in Albuquerque’s largest school district, and it cost the city of Baltimore more than $18 million to respond to attacks on its computer servers in 2019.

The LA attack was discovered around 10:30 p.m. on Saturday, Carvalho said, when an employee first detected “abnormal activity.” The perpetrators appear to have targeted facility systems that contain information about private sector contractor payments, which is publicly available through records requests, rather than confidential details such as payroll, health and other data.

He said local IT officials detected and blocked the malware, but only after it had infected key network systems, requiring password resets for all faculty and students.

Authorities have been busy tracking down intruders and limiting potential damage.

“We basically shut down all of our systems, each one was checked and all but one facility system restarted late Monday night,” Carvalho said.

On Tuesday, federal authorities separately warned of potential ransomware attacks by a criminal organization known as Vice Society, which is known to have disproportionately targeted the education sector.

Authorities did not say whether they believed the Vice Society was involved in the LA attack and did not respond to a request for comment on Tuesday.

“The fact that a joint cybersecurity advisory involving the Vice Society was published days after the attacks on LAUSD were discovered may be meaningful, especially since these gangs frequently target the education sector in the US and UK,” said Callow, the ransomware expert.

Vice Society first appeared in May 2021 and used ransomware popular in the Russian-speaking underground instead of its own variant, security researchers said. Among the victims claimed by the Vice Society are the Elmbrook School District in Wisconsin and the Savannah College of Art and Design.

Ransomware gangs routinely disband after high-profile attacks such as last year’s Colonial Pipeline incident, which triggered runs on gas stations. The members then reorganize under a new name.

There was pressure to cancel schools in Los Angeles on Tuesday, but officials eventually decided to open them.

Carvalho said there could have been “fatal” consequences if the activity had not been found on Saturday night.

“If we had lost the ability to drive school buses, more than 40,000 students would not have been able to go to school.”

The District plans to conduct a forensic audit of the attack to see what it can do to prevent future intrusions.

“Every teacher, every staff member, every student can be a weakness,” said Soheil Katal, the district’s CIO.
