The Los Angeles Unified School District (LAUSD) is still taking steps to recover from a ransomware attack on its IT systems last week.
The school district said in a September 7 press release that schools are making progress towards full operational capacity, but that the disruption has proven “more challenging than initially anticipated.”
The biggest challenge, LAUSD said last week, is resetting students and employees’ passwords.
To help with that task, the school district has launched a tech support hotline that will help staff and students reset their passwords. Once they do this, they will be able to access applications that allow them to check their email, see records, or take attendance, for example.
Superintendent Alberto Carvalho said that LAUSD is working quickly to roll out a multi-factor authentication processes following the attack.
“This incident has been a firm reminder that cybersecurity threats pose a real risk for our District – and districts across the nation,” Carvalho said.
LAUSD established an Independent Information Technology Task Force to review all previous network audits and reports including the “Information Security Audit, Cyber Security Assessment and Internal and External Penetration Assessment,” published by the Office of the Inspector General in 2021.
“The task force will examine the viability and validity of the audit and report back with additional enhancements outlined in a final 90 day report,” Carvalho said.
The superintendent made it clear that the cyberattack was “likely criminal in nature,” but declined to name the suspected hackers during a news conference on September 9. Local law enforcement, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are still actively investigating the breach and claim that the perpetrators are well-known hackers.
Suspicions that the Vice Society cybercriminal group executed the attack on LAUSD comes from three reporters claiming they got confirmation from an actor allegedly in the group.
A reporter at the Associated Press, Data Breach Today, and BleepingComputer all claim that they recently corresponded with hackers from Vice Society who took credit for the cybersecurity attack on LAUSD, according to reporting from the LA Times.
Additionally, CISA – alongside the FBI and the Multi-State Information Sharing and Analysis Center – released a Cybersecurity Advisory three days after the LAUSD incident to warn the education sector about the frequent targeting of ransomware attacks by Vice Society, especially in K-12 schools.
“[We] anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks,” the advisory said. “K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.”