Ransomware Attack Hits USA’s Top School District LA Unified, FBI Joins Investigation

The FBI and CISA warned the education sector against increased ransomware attacks from Vice Society but didn’t confirm it to be the perpetrator of the attack against LAUSD.

September 7, 2022

On Tuesday, Los Angeles Unified (LAUSD) said a ransomware attack hit it over the first weekend of September. The disruption was initially suspected to be a technical glitch, but LAUSD later confirmed that it was a criminal ransomware attack that impacted its email and other computer systems and apps.

While the attack is a cause of concern, LAUSD expects to operate normally in the coming days. Critical business systems remain unaffected, including employee healthcare, payroll, safety, and emergency mechanisms.

However, some business operations, such as transportation, food or Beyond the Bell services, could be delayed because of the ransomware attack, whose perpetrator(s) remain unknown at the moment.

LAUSD is the second-largest school district in the United States, with more than 640,000 kindergarten through twelfth grade (K-12) students studying across 31 municipalities under its jurisdiction.

“With kids returning to school all over the country, it is, unfortunately, no surprise that cybercriminals have seized the opportunity to disrupt essential systems at America’s second-largest school district,” Stephan Chenette, co-founder and CTO at AttackIQ, told Spiceworks.

“Educational institutions continue to be an attractive target for cybercriminals because they store large amounts of valuable Personally Identifiable Information (PII) and often lack critical resources for proper security measures,” Chenette continued.

“School districts’ lack of staff and resources to defend against cyber threats make them an attractive target for cybercriminals. The aftermath of a ransomware attack on underfunded school systems can be crippling, both financially and in loss of data.”


LAUSD reacted to the ransomware attack by contacting the federal government, whose response was “immediate and comprehensive,” the school district mentioned in the news release. As a result, the FBI, the Department of Education, and CISA, supported by local law enforcement, joined forces for incident response.

“At the District’s request, agencies marshaled significant resources to assess, protect and advise Los Angeles Unified’s response, as well as future planned mitigation protocols.”

Education is among the top 10 most targeted sectors by ransomware syndicates. Between March 2021 and April 2022, the education sector was targeted approximately 35 times (finance is the highest, with over 80 attacks in the same period), according to the 2022 Incident Response report by Palo Alto Networks’ Unit 42. The median ransom demand from the education sector between March 2021 and April 2022 stands at $0.69 million, placing it at #10.

While the cybercriminal group behind the LAUSD ransomware attack remains unknown, ransomware gangs that went after educational organizations the most in the same period were LockBit/LockBit 2.0, Conti, Hive, BlackCat, Dharma, REvil, BlackMatter, and Phobos, in that order.

In a separate alert released jointly by CISA and the FBI, the federal agencies caution organizations about Vice Society, which is “disproportionately targeting the education sector with ransomware attacks.”

The FBI and CISA advisory is based on an investigation much more recent than that of Unit 42. The two agencies said they anticipate an increase in ransomware attacks by opportunistic threat actors as the 2022/2023 school year commences. The FBI and CISA outlined Vice Society’s indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).

“To prevent another similar attack, school districts should study the common tactics, techniques, and procedures used by common threat actors, which will help them build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors,” Chenette added.

“Organizations should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to better prepare for the next threat.”

He also advised organizations to monitor and scan owned and managed assets for potential vulnerabilities that ransomware gangs can exploit.


Sumeet Wadhwani

Asst. Editor, Spiceworks Ziff Davis
