Vice Society ransomware claims credit for Los Angeles school attack

The Vice Society ransomware outfit, the subject of a recent CISA advisory, said it attacked the Los Angeles Unified School District.
lausd bus
A Los Angeles Unified School District bus in Inglewood, California on March 1, 2021. (Patrick T. Fallon / AFP / Getty Images)

The ransomware outfit known as Vice Society has claimed credit for an attack earlier this week that disabled several IT systems at the Los Angeles Unified School District, according to a report.

An actor affiliated with the gang confirmed to DataBreachToday that it was behind the attack at LAUSD, the country’s second-biggest K-12 school system, though the hacker did not say if any students’ data had been stolen in the incident. District officials have said that several information management systems were affected by the attack, including the student management system, which Superintendent Alberto Carvalho said Wednesday had been “touched” by the ransomware.

Vice Society has also reportedly claimed to have stolen 500 gigabytes’ worth of data from the school district.

DataBreachToday also reported that LAUSD leaders had been warned multiple times by outside consultants and its own inspector general that its network had in recent years been infiltrated by malicious actors using the TrickBot malware.


Carvalho said Thursday that the district has made progress in restoring the systems that went down, with faculty and students re-authenticating user accounts. Los Angeles Unified is also in the process of implementing multi-factor authentication for network users, he said.

Vice Society was the subject of an advisory this week published jointly by the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which noted in particular the ransomware gang’s preference for targeting the education sector.

“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cyber criminals can still put school districts with robust cybersecurity programs at risk,” the advisory read. “K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.”

A recent survey of state education tech leaders found that a majority of education IT leaders feel their states are providing very little financial support for cybersecurity efforts.

The Los Angeles USD incident prompted several edtech organizations — including the State Educational Technology Directors Association and the Consortium for School Networking — to call on the Federal Communications Commission to expand E-Rate, a program that gives school districts discounts on networking devices, to include cybersecurity products. In an emailed statement the groups asked the FCC to “immediately modernize its definition of ‘firewalls’ to allow E-Rate funding to be used to safeguard school and library networks.”

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts