By Nicole Banh | Staff Writer
On Sept. 5, Vice Society launched a ransomware attack on the Los Angeles Unified School District (LAUSD), the second biggest school district in the United States.
Ransomware attacks are malicious software commonly used by gangs to block computer access until a sum of money is paid. Organizations in government, health care, and education are most affected.
District IT officials immediately stopped the ransomware attack. While the issue was being resolved, the district website was down, many students and teachers lost access to school emails, and teachers could not post or access lessons.
Social security numbers, medical information, and other private information were not stolen.
The district announced that the White House was organizing the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to support LAUSD and local law enforcement. They will be providing LAUSD with personnel to deal with upcoming issues and reinforce LAUSD security.
Not long after the attack, cybersecurity reporter Jeremy Kirk tweeted that Vice Society, a Russian-speaking ransomware group orchestrated the attack. Vice Society announced that they had 500 GB of data from LAUSD.
Despite this, no ransom was demanded by them.
“By shutting down all the systems, we were able to stop the propagation of this event … restricting its potential damage,” Alberto Carvalho, superintendent of LAUSD, announced at a news conference on Sept. 6.
Had Vice Society gone unnoticed, they could have controlled the district’s transportation and payroll systems.
“If we had lost the ability to run our school buses, over 40,000 of our students would not have been able to get to school, or it would have been a highly disrupted system,” Carvalho stated.
Once students returned to school, everyone was required to change their passwords, including administrators, staff, teachers, and students.
Classes continued as usual, although many services had to be delayed or modified.
Attendance had to be taken with pen and paper, and teachers were locked out of lesson plans. However, services such as serving food in the cafeteria and the payroll department were still working.
By Sept. 8, three days after the systems were brought down, a majority of systems were stable and back online.
This was not the first time LAUSD has been attacked by ransomware. In 2021, a school machine was infested with Trickbot malware, which aimed to steal financial details, account credentials, and personally identifiable information.
“This incident has been a firm reminder that cybersecurity threats pose a real risk for our district — and districts across the nation,” Carvalho stated.