Los Angeles School District Hit by Ransomware AttackK-12 Schools Increasingly Are Ransomware Targets
A ransomware attack is disrupting some operations at California's largest public school system just weeks after the start of the new academic year.
The Los Angeles Unified School District says it "detected unusual activity" over the weekend that was later identified as ransomware likely motivated by criminal gain. Fundamental school system functions - including instruction and transportation, food and after-school programs - are unaffected. The district serves more than 600,000 students, making it the second-largest in the United States.
The attack disrupted the district's email system and other applications. Critical business systems, such as employee healthcare, payroll systems, and school safety and emergency mechanisms, remain unaffected, the district says. It has sought assistance from the FBI and the Cybersecurity and Infrastructure Security Agency.
Ransomware gangs have ramped up attacks against school systems particularly after the novel coronavirus pandemic forced hasty adoption of remote tools for teaching. The FBI in March 2021 warned school systems about unidentified threat actors specially targeting K-12 schools with PYSA ransomware.
The nonprofit K12 Security Information eXchange says it knows of 62 ransomware attacks on schools during 2021 but warns that public reporting by school districts could undercount the number of actual attacks by a factor of 10 to 20.
The Government Accountability Office last October warned that the Department of Education hasn't updated cybersecurity guidance for the K-12 sector since 2010, making the sector less likely to have access to federal support to help protect from cyberattacks.
Ransomware attacks can be costly incidents for school districts, which are typically financially pressed. A 2020 Ryuk ransomware attack against Baltimore County Public Schools cost nearly $9.7 million in recovery expenses.
The Los Angeles Unified School District says it will implement the following measures:
- Set up an independent IT task force that will develop recommendations to improve the IT infrastructure security within 90 days and share monthly status updates about it.
- Deploy skilled human resources, especially IT personnel, at all sites affected by the ransomware attack to assist with potential technical issues.
- Conduct a "full-scale" reorganization of departments and systems to bolster data safeguards.
- Expand ongoing assistance from federal and state law enforcement entities to include a forensic review of systems.
- Set up an advisory council to advise on best practices and systems, such as emerging technological management protocols.
- Appoint a technology adviser to assess security procedures and practices in the district. The individual will also review data center operations, including existing technology, critical processes and infrastructure.
- Introduce mandatory cybersecurity training for employees.