The Los Angeles Unified School District is slowly moving back to capacity after an unprecedented shutdown of computer systems in an attempt to contain the effects of the malicious software. The attack on LAUSD, the second largest school district in the US, put officials on high alert, with fears over lockouts from school management systems and unauthorized access to student data triggering a response from federal, state, and local partners.
It is not the first time that the LAUSD has been exposed to ransomware. After a system compromise, the same systems narrowly avoided being hit with another attack.
The LAUSD systems were compromised by the TrickBot banking Trojan, which is able to steal financial credentials from a target system and can also be used to install more damaging software such as ransomware. Journalist Jeremy Kirk highlighted the 2021 intrusion on his social media accounts.
The LAUSD was presumed to have taken action after being notified. The device that was compromised disappeared from the internet. The incidents were a close call for the school district.
The potential impact of the attack on the Los Angeles Unified School District is huge. The district said in a press release that it was still moving toward full operational capacity but had encountered difficulties regaining access to systems.
The district reset more than 53,000 passwords. Further issues were created by this prudent step.
The District was able to intercept the attack by deactivating all our systems, but the recovery from the disruption has been more difficult than expected. Password resets are Los Angeles Unified's biggest challenge.
LAUSD has been able to return many other systems to operational status despite the password difficulties. Some critical systems had been restored within an hour.
It is not possible to recover from such an attack quickly. Jon Miller is the CEO and co-founder of anti-ransomware platform Halcyon.
Miller said that attackers often find targets using compromised login credentials or other ways to circumvent security products. These techniques can give hackers access to networks when a fix is attempted.
If a victim has backups, they will need weeks and months of expensive recovery and incident response to make sure the network is safe to run again.
LAUSD is one of the largest school districts in the country, but it isn't the only one dealing with cyberattacks. Doug Levin, who maintains a database of publicly disclosed school cybersecurity incidents, was able to point to four other school cyberattacks that took place within a month of the LAUSD attack.
A failure of school leadership to keep up with digital transformation is one of the factors that make schools vulnerable. Schools were left to set their own standards for cyber readiness.
The needs of school districts for support have not been taken into account.
In the aftermath of the attack, federal officials warned that there could be more attacks on schools.
The FBI, Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center warned that actors are disproportionately targeting the education sector with cyberattacks.
The advisory said that K-12 institutions are attractive targets due to the amount of sensitive student data they handle.