A ransomware attack on the massive Los Angeles school district resulted in an unprecedented shutdown of its computer systems, at a time when schools are finding themselves more exposed to cyber intrusions as the new school year begins.
The attack on the Los Angeles Unified School District sounded alarms across the nation, including urgent discussions with the White House and the National Security Council after the first signs of ransomware were discovered late Saturday night, as well as mandated password changes for 540,000 students and 70,000 district employees.
Although the attack used software that encrypts data and won’t release it until a ransom is paid, the head of the district said that there was no immediate demand for money, and schools in the nation’s second-largest district opened as planned on Tuesday.
As a result of the epidemic, schools in the United States are more vulnerable to these kinds of attacks, and numerous high-profile incidents have been documented since the beginning of the previous year. In the past, ransomware gangs have organised large attacks on holiday weekends in the United States, when they know that fewer people will be working in information technology and security professionals will be taking time off.
Although it was not immediately clear when the LA attack began (officials have only said when it was detected, and a district spokesperson declined to answer additional questions), the discovery made on Saturday night has reached the highest levels of the federal government’s cybersecurity agencies.
According to a senior administration source, this pattern of help was consistent with the Biden administration’s attempts to offer maximum aid to important businesses that were harmed by similar breaches.
The official, who discussed the federal response on condition of anonymity, stated that the school district did not pay the ransom, but would not provide any additional information about what could have been stolen or damaged, or which systems were affected by the breach.
The White House’s response to the intrusion in Los Angeles reflects a rising worry about the nation’s security: according to a poll conducted and released by the Pew Research Center only a month ago, 71 percent of Americans believe that cyberattacks launched against the United States from other nations constitute a big danger.
Authorities believe that the attack in Los Angeles originated in another country and have pinpointed three countries as possible origins; however, Los Angeles Superintendent Alberto Carvalho would not comment on which countries may be involved in the incident. The vast majority of ransomware perpetrators are native Russian speakers who function independently of the Kremlin.
Officials in Los Angeles County did not identify the malware that was employed.
According to Brett Callow, a ransomware expert at the cybersecurity company Emsisoft, there have been a total of 26 school districts in the United States, including the Los Angeles Unified School District, as well as 24 colleges and institutions that have been affected by ransomware so far in 2018.
Because victims are increasingly reluctant to pay to have their data released, many hackers use the same technologies to steal sensitive information and then seek extortion payments from victims. If the victim does not pay, the data will be published on the internet.
The largest school system in Albuquerque was targeted by a ransomware extortion attack in January, which caused schools to be closed for two days. In Baltimore City, the response to a 2019 cyberattack on the city’s computer infrastructure cost upwards of $18 million.
Carvalho said that staff members initially became suspicious of “strange behaviour” at around 10:30 p.m. on Saturday, which led to the discovery of the attack in Los Angeles. The perpetrators appear to have targeted the facilities systems, which involve information about private-sector contractor payments, rather than confidential details like payroll, health, and other data. These payments are publicly available through requests for records, so the perpetrators may have been able to access this information.
He said that the district’s IT personnel discovered the virus and prevented it from spreading, but not before it affected important network systems, making it necessary to change the passwords for all of the staff members and kids.
Separately on Tuesday, federal police issued a warning about the possibility of ransomware attacks being carried out by a criminal organisation known as Vice Society. This organisation is believed to have focused a disproportionate amount of its operations on the education sector.
The authorities have not said if they suspect Vice Society was involved in the attack in Los Angeles, and the organisation did not respond to a request for comment made on Tuesday by the authorities.
According to security analysts, Vice Society emerged for the first time in May 2021 and, rather than using a new strain of ransomware, it has employed ransomware that is commonly accessible in the underground Russian-speaking community. Vice Society has named the Elmbrook School District in Wisconsin and the Savannah College of Art and Design as two of its purported victims.
After high-profile attacks like the one on the Colonial Pipeline the previous year, which caused lines to form at gas stations, ransomware groups often disband. After that, their members reorganise themselves under new names.
The municipality intends to conduct a forensic investigation of the incident in order to determine what measures might be taken to protect against future intrusions.