Ransomware Attack Hits America’s Top School District LA Unified, FBI Joins Investigation

On Tuesday, Los Angeles Unified (LAUSD) said it was hit by a ransomware attack over the first weekend of September. The disruption was initially suspected to be a technical issue, but LAUSD later confirmed that it was a criminal ransomware attack that impacted its email and other computer systems and applications.

Although the attack is cause for concern, LAUSD expects to operate normally in the coming days. Critical business systems are unaffected, including employee healthcare, payroll, security, and emergency mechanisms.

However, some business operations, such as transportation, food or Beyond the Bell services, could be delayed due to the ransomware attack, whose perpetrator(s) remain unknown at this time.

LAUSD is the second largest school district in the United States, with more than 640,000 kindergarten through twelfth grade (K-12) students studying in 31 municipalities under its jurisdiction.

“With children returning to school across the country, it’s sadly no surprise that cybercriminals have seized the opportunity to disrupt critical systems in America’s second-largest school district,” Stephan Chenette, co-founder and CTO of AttackIQ, told Spiceworks.

“Educational institutions continue to be an attractive target for cybercriminals because they store large amounts of valuable personally identifiable information (PII) and often lack critical resources for appropriate security measures,” Chenette continued.

“School districts’ lack of staff and resources to defend against cyber threats makes them an attractive target for cybercriminals. The consequences of a ransomware attack on underfunded school systems can be crippling, both financially and in terms of data loss.”

LAUSD responded to the ransomware attack by contacting the federal government, whose response was “immediate and complete,” the school district said in its press release. As a result, the FBI, the Department of Education, and CISA, supported by local law enforcement, joined forces to respond to the incident.

“At the District’s request, agencies have mobilized significant resources to assess, protect and advise Los Angeles Unified’s response, as well as planned future mitigation protocols.”

Education is one of the top 10 sectors most targeted by ransomware syndicates. Between March 2021 and April 2022, the education sector was targeted around 35 times (finance was the highest, with over 80 attacks in the same period), according to the 2022 incident response report by Unit 42 of Palo Alto Networks. The education sector’s median ransom demand between March 2021 and April 2022 was $0.69 million, ranking it 10th.

While the cybercriminal group behind the LAUSD ransomware attack remains unknown, the ransomware gangs that most frequently attacked educational organizations during the same period were LockBit/LockBit 2.0, Conti, Hive, BlackCat, Dharma, REvil, BlackMatter, and Phobos, in that order.

In a separate alert jointly released by CISA and the FBI, the federal agencies warn that Vice Society is “disproportionately targeting the education sector with ransomware attacks.”

The FBI and CISA advisory is based on investigations much more recent than that of Unit 42. Both agencies said they anticipate an increase in ransomware attacks by opportunistic threat actors early in the 2022/2023 school year. The FBI and CISA described Vice Society’s Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs).

“To prevent another similar attack, school districts should study common tactics, techniques, and procedures used by common threat actors, which will help them create more resilient security detection, prevention, and response programs, specifically tailored to these known behaviors,” Chenette added.

“Organizations should use automated solutions that securely validate their defensive controls against ransomware campaigns and techniques to better prepare for the next threat.”

He also advised organizations to monitor and analyze owned and managed assets for potential vulnerabilities that ransomware gangs can exploit.
