A cyberattack that targeted the Los Angeles Unified School District over Labor Day weekend resulted in an unprecedented shutdown of the district’s information technology systems as authorities tried to track down the perpetrators and limit damage. potential harm.
Schools in the nation’s second-largest county reopened as scheduled on Tuesday, and 540,000 students and 70,000 district employees were forced to change their passwords to prevent additional intrusions. While the attack uses data encryption technology and will not unlock unless a ransom is paid, in this case, the school district’s superintendent said no immediate requests for money were made. .
Such attacks have become a growing threat to schools in the United Stateswith several well-known incidents reported since last year when the pandemic forced reliance on technology to increase the impact.
So far, this year, 26 US school districts – including Los Angeles – and 24 colleges and universities have been hacked, according to Brett Callow, a ransomware analyst at cybersecurity firm Emsisoft. attacked by so-called ransomware.
With victims increasingly refusing to pay to have their data unlocked, many cybercriminals are instead using similar technology to steal sensitive information and demand ransom payments. If the victim does not pay, the data will be sold online.
Callow said at least 31 schools have been hacked this year, having their data stolen and posted online, and noted that eight of the school districts have been hacked since Aug. 1. The increase in schools as the summer break ends is almost certainly no accident, he said.
“It’s the number one threat to our safety,” said Michel Moore, Superintendent of the Los Angeles Police Department, at a news conference Tuesday addressing the LA attack. “It’s an invisible enemy and it doesn’t tire.”
Authorities believe the LA attack was of international origin and have identified three potential countries where it may have originated, although Los Angeles Unification CEO Alberto Carvalho would not say those. who may be involved. Officials did not identify the ransomware used.
Nick Melvoin, vice president of the school board, said: “This is an act of cowardice. “A criminal act against children, against their teachers and against the education system.”
The district said the investigation and response involved the White House, the US Department of Education, the FBI, and the Department of Homeland Security’s Cyber and Infrastructure Security Agency.
Although the school district described the cyberattack as a “significant disruption to the infrastructure of our systems,” officials did not see any evidence of major problems with the guidance or services such as transportation and food during the first half of Tuesday’s school day, but cautions that business may remain delayed or modified.
The perpetrators appear to have targeted the facilities system, with regards to information about private sector contractor payments – made public through records requests – rather than expenses. confidential details such as payroll, health and other data, Carvalho said.
The attack was discovered around 10:30 p.m. Saturday when staff noticed “unusual activity” in the district’s network, the superintendent said.
“We basically shut down all of our systems,” he said, noting that each system was tested and all but one — the facilities system — rebooted late at night. Monday, when the school district first notified the public of the attack.
While there was pressure to cancel classes on Tuesday, officials ultimately decided to stay put.
A ransomware attack at Albuquerque’s largest school district forced schools to close for two days in January. At the time, the superintendent said virtual attendance during the pandemic had provided more ways for hackers to gain access to the district’s systems.
If the LA activity goes undetected Saturday night, Carvalho says there could be “catastrophic” consequences.
“If we lost the ability to run the school bus, our more than 40,000 students would not be able to go to school, or it would be a severe system disruption,” he said.
The district plans to conduct a forensic examination of the attack to see what it can do to prevent future attacks.
“Every teacher, every staff member, every student can be a weakness,” said Soheil Katal, the district’s chief information officer.
Register Fortune feature email list so you don’t miss our biggest features, exclusive interviews and surveys.