Los Angeles school district hit with cyberattack

Zach Schonfeld

The nation’s second largest public school district announced on Tuesday that it was targeted in a recent cyberattack.

Los Angeles Unified School District announced that officials detected unusual activity over the weekend, which it said was “likely criminal” ransomware, after announcing the previous day that the district’s email system and some other technological services were disrupted.

School officials said in a statement that schools would open as scheduled on Tuesday, and the White House had brought together the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and Education Department to assist.

“Los Angeles Unified is immediately establishing a plan of action, informed by top public and private sector technology and cyber security professionals, to determine additional protections for the District, and to provide an independent opinion on system-wide protective measures,” the district wrote in its statement.

“We will continue to benefit from the declared assistance of federal and state law enforcement entities to assist with investigative procedures and technical deployment and solutions,” it continued.

Eric Goldstein, CISA’s executive assistant director for cybersecurity, lauded the school district for taking “swift action” to report the incident to federal agencies, adding that CISA was collaborating with the other federal agencies on their response.

“We encourage all organizations, including educational institutions, to visit stopransomware.gov for additional guidance on managing this ongoing threat,” he said.

CISA and the FBI on Tuesday published a new advisory indicating a ransomware group called Vice Society is disproportionately targeting the education sector. The advisory did not explicitly reference the Los Angeles incident but said investigators had identified activity as recent as this month from the group.

“Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal information regarding students and staff,” the advisory reads.

The district announced later on Tuesday it was requiring all students and employees to change their email passwords.

School officials said that although they expect classroom instruction, transportation and food services to move forward without “major technical issues,” some of the district’s business operations may be delayed or modified.

“Based on a preliminary analysis of critical business systems, employee healthcare and payroll are not impacted, nor has the cyber incident impacted safety and emergency mechanisms in place at schools,” the district said in the statement.

Los Angeles Unified School District also announced nine steps it would take in response to the incident, including a full-scale reorganization of its technology investments, mandatory cybersecurity employee training and a forensic review of the district’s systems.

The attack comes as multiple critical sectors have seen a rise in cyberattacks this year, forcing many companies to improve their cyber defenses.

Updated at 4:35 p.m.

For the latest news, weather, sports, and streaming video, head to The Hill.

Advertisement