The Los Angeles Unified School District (LAUSD) confirmed that a ransomware attack targeted its Information Technology infrastructure, prompting a shutdown of its computer systems.
In a statement, the district said it continued to assess the situation with law enforcement agencies. The statement said that access to email, computer systems and applications was disrupted but did not state whether a ransom was paid.
The attack was discovered around 10:30 p.m. Saturday when staff detected unusual activity, LAUSD superintendent Alberto Carvalho said. The threat actors targeted the facilities systems, including information about contractor payments, rather than confidential details like payroll, health and other data, NPR reports. Carvalho noted that IT officials detected malware and stopped it from spreading, but not before it had infected network systems. As a result, staff and students have been asked to reset passwords.
"We basically shut down every one of our systems," Carvalho said. He noted that each system, except the facilities system, had been checked and restarted by late Monday night, when the district first notified the public of the hit, NPR says.
According to NPR, a senior administration official, who spoke on the condition of anonymity to discuss the response by the Biden administration, said LAUSD did not pay the ransom but did not go into detail about what data may have been stolen, or what systems were affected by the breach.
Later, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint advisory to warn of indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with Vice Society actors, which target the education sector with ransomware attacks. The advisory, however, did not say whether Vice Society actors were involved in the LAUSD attack.
"This egregious cyberattack is the latest example of the pervasive threat that predatory cybercriminals pose to everyone from multinational businesses to young school children," says Darren Guccione, CEO and Co-Founder at Keeper Security. "It takes all of us doing our part to raise awareness, which further empowers the collective cybersecurity protection of our communities. It is imperative to practice good cyber hygiene by using strong and unique passwords for all of our applications, websites and systems, on every device. Education among institutional staff, faculty and the student body is also important. This helps identify suspicious phishing emails or smishing text messages that seek to install malware into critical systems, prevent user access and steal sensitive data. The foregoing protections will help secure essential organizations that have a pervasive impact on the educational development of our children and the public at large."