Los Angeles Unified, Feds Investigating As Ransomware Attack Cripples IT Systems

Nation's Second-Largest School District Says Cyber Attack Occurred Over Labor Day Weekend

A ransomware attack over Labor Day weekend brought to a standstill the online systems of Los Angeles Unified School District, the second-largest K–12 district in the country with about 640,000 students, LAUSD officials confirmed this morning in a statement on its website.

Los Angeles Unified School District tweet early Sept 6, 2022, confirming it has been the victim of a cyber attack.Late Monday, LAUSD teachers told LAist.com that they were unable to access email, the Google Classroom suite, or instructional apps that connect to Google Classroom like Schoology. The Los Angeles Times reported that the district website was down late Monday and early today; most of the website was back online by 8 a.m. local time but portions of it — such as the school board information and meeting agendas — were still offline.

Early today, the district revealed that it was, in fact, experiencing an “external cyber attack” on its Information Technology assets, which it characterized as “likely criminal in nature,” and the district said law enforcement response had been swift since the cyber attack was discovered and reported.

Feds Issue Cybersecurity Advisory for Education Sector on Vice Society Ransomware

A joint Cybersecurity Advisory released Tuesday by the FBI, Cybersecurity and Infrastructure Security Agency, and Multi-State Information Sharing and Analysis Center — as those agencies help investigate the Labor Day weekend ransomware attack on Los Angeles Unified School District — warns that Vice Society threat actors are disproportionately targeting the education sector and shares new TTPs and Indicators of Compromise for K–12 IT practitioners. Read more.

“After the district contacted officials over the holiday weekend, the White House brought together the Department of Education, the Federal Bureau of Investigation and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency to provide rapid, incident response support to Los Angeles Unified, building on the immediate support by local law enforcement agencies,” LAUSD said in its statement early today. “At the district’s request, agencies marshaled significant resources to assess, protect and advise Los Angeles Unified's response, as well as future planned mitigation protocols.”

The district statement said schools would open as scheduled today, and officials did not expect “major technical issues that will prevent LAUSD from providing instruction and transportation, food or Beyond the Bell services.” It noted that based on preliminary analysis, healthcare and payroll systems had not been impacted.

“Furthermore, Los Angeles Unified is immediately establishing a plan of action, informed by top public and private sector technology and cyber security professionals, to determine additional protections for the District, and to provide an independent opinion on system-wide protective measures,” said the district’s statement. “We will continue to benefit from the declared assistance of federal and state law enforcement entities to assist with investigative procedures and technical deployment and solutions. Presently, federal investigative and technical experts are working on-site, collaboratively, with the Information Technology Division.”

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].