Wednesday, September 28, 2022

LA School District Warned of Ransomware Threat Ahead of Recent Shutdown

The Los Angeles Unified School District (LAUSD) is slowly returning to capacity after a ransomware attack launched over Labor Day weekend caused an unprecedented shutdown of computer systems in an effort to contain the effects of the malicious software. The attack on LAUSD, the second-largest school district in the United States, has officials on high alert, with fears of lockdowns in school management systems and unauthorized access to student data triggering a response from federal, state and local partners.

But this isn’t the first time LAUSD systems have been exposed to ransomware — and it’s not the first ransomware warning the district has received. The same systems narrowly avoided being hit by another similar attack in February 2021 after a system compromise, as confirmed by Hold Security CEO Alex Holden.

Holden told The Edge that his company discovered a device on LAUSD’s systems that had been compromised by the TrickBot banking trojan, which is capable of stealing financial credentials from a target system and can also be used to install more damaging malware such as ransomware. (The 2021 intrusion was first highlighted by journalist Jeremy Kirk on Twitter.)

LAUSD was notified by a third party, Holden says, and is presumed to have taken action. Shortly after, the compromised device disappeared from the TrickBot botnet. Holden described the incidents as a “close call” for the school district, adding, “Unfortunately, this time it turned out differently.”

LAUSD has a total of over 600,000 students, meaning the potential impact of the attack is huge. In a Sept. 7 press release, the district said it was still moving toward full operational capability but had encountered challenges regaining access to systems.

On Tuesday, the district said it had reset more than 53,000 student and employee passwords. But this cautious step also created other problems.

“While the District’s ability to intercept the attack by disabling all of our systems was the quick, decisive and prudent action to avoid a catastrophic breach, recovery from the disruption proved more challenging than initially anticipated,” the statement said. “Password resets have been and remain Los Angeles Unified’s biggest challenge, as students and employees must perform resets at district sites.”

Despite the password difficulties, LAUSD still managed to restore many other systems to operational status. Earlier in the week, LAUSD Superintendent Alberto Carvalho tweeted that some critical systems had been restored within two hours.

But experts say full recovery from such an attack is not something that can be done quickly. Jon Miller, CEO and co-founder of anti-ransomware platform Halcyon, told The Edge that even seemingly restored systems can still be vulnerable.

Attackers often find targets using compromised login credentials, Miller said, or find other ways to circumvent security products installed on the network. In some cases, these techniques give hackers persistent access to networks when a patch is attempted.

“Even if a victim has backups, they will need weeks and months of costly recovery and incident response that must be completed to ensure the network can be safely operated again,” he said.

LAUSD may be one of the largest school districts in the country, but it’s far from alone in dealing with ransomware attacks. Doug Levin, who maintains a database of publicly disclosed school cybersecurity incidents, was able to point The Edge to four other school ransomware incidents that occurred in the month following the LAUSD attack.

According to Levin, factors that make schools vulnerable range from resource constraints to school leadership’s inability to keep up with digital transformations in the learning environment. But policymakers were also responsible for letting schools set their own cyber-readiness standards.

“On the cybersecurity policy side, the support needs of school districts have been largely overlooked,” Levin said.

Nonetheless, in the aftermath of the attack, federal officials warned that ransomware attacks on schools could increase.

A joint cybersecurity advisory from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that federal agencies have “observed … actors disproportionately targeting the education sector with ransomware attacks.”

Cyberattacks on schools could increase in the 2022-2023 school year as ransomware groups see opportunities for successful attacks, the advisory said, with K-12 schools attractive targets due to the sheer amount of sensitive student data they process.
