The Los Angeles Unified School District, the nation’s second-biggest K-12 system, reported over the weekend that its networks were targeted by a ransomware attack that has resulted in disruptions to several internal systems, including email and other applications.
Officials said that “unusual activity” detected over the holiday weekend was confirmed to have come from an external cyberattack, triggering a response that’s caused districtwide system outages. The district said it’s working with local and state law enforcement, as well as several federal agencies, including the Department of Education, the FBI and the Cybersecurity and Infrastructure Security Agency.
The type of ransomware used in the incident has not been identified.
Despite the impacts to LAUSD’s business systems, student transportation, class schedules and instruction are not expected to be upended, according to the district. Payroll systems also remained online.
Covering the City of Los Angeles and nearly three dozen of its suburbs, the Los Angeles Unified School District enrolls nearly 665,000 students. In the wake of the ransomware incident, the district also announced it’ll “immediately” execute an action plan to adjust its computer security. Among the steps in the plan are the creation of an independent IT task force charged with making recommendations and delivering monthly updates, the hiring of a new technology adviser, more cyber hygiene training for school employees and a “full-scale reorganization of departments and systems to build coherence and bolster District data safeguards.”
Ransomware attacks can be extremely costly to school districts, especially if they’re forced to make wide-scale IT overhauls as part of their recovery. Baltimore County, Maryland, Public Schools has spent nearly $10 million recovering from a November 2020 incident that shut down online in-person and virtual instruction for several days. Los Angeles USD is about five times bigger than the Baltimore County district.
According to Brett Callow, a researcher at the antivirus firm Emsisoft, LAUSD is at least the 50th organization in the U.S. education sector to be hit by ransomware this year.
The Government Accountability Office, Congress’ auditing arm, found last year that the Education Department had not updated its plans for K-12 cybersecurity in more than a decade. A review and update of those documents began in March, the department announced.
Additionally, CISA is expected to publish its own report on the state of K-12 cybersecurity this year, following last year’s passage of the K-12 Cybersecurity Act.