Los Angeles Unified School District Hit With Ransomware Attack

Los Angeles Unified School District Hit With Ransomware Attack
A Los Angeles Unified School District bus in Los Angeles on Sept. 29, 2021. (John Fredricks/The Epoch Times)
Naveen Athrappully

The information technology systems of Los Angeles Unified School District (LAUSD) in California, the second largest school district in the United States, were targeted by a ransomware attack over Labor Day weekend, the school system announced Monday.

Following the “external cyber attack” on IT assets, LAUSD quickly responded to minimize disruptions to its network, including email services, access to applications, and computer systems, according to a Sept. 5 news release. Despite the attack, the district resumed normal operations on Sept. 6, providing a full day of instruction to students.

All information systems were up and running within the initial two hours of the school day, and student meal services and bus transportation resumed without issue, the district said.

If the district had lost its ability to run school buses, more than 40,000 students would not have been able to arrive at their schools that morning, Superintendent Alberto M. Carvalho said in a Sept. 6 news release.

In a ransomware attack, hackers block a victim’s access to computer systems and data or threaten to publish stolen information. The hacker will then demand a ransom fee from the victim to resolve the issue.

“The impact of this incident could have been catastrophic if our teams and partners had not responded quickly and decisively, cut off the hacker's access immediately, and worked expeditiously to restore operational capacity,” Carvalho said.

The matter is being investigated by local law enforcement, the Department of Education, the FBI, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

The district advised employees, students, and families to reset passwords on the school network. According to a Sept. 6 tweet by Carvalho, more than 53,000 passwords were successfully reset after the attack.

Cyber Attacks

The United States has been seeing more cyber attacks on its critical infrastructure in recent years, including educational institutions.
In April 2021, the University of California was the victim of hackers who sent mass emails threatening to publish private data in an attempt at scaring the victims into giving them money.
In May 2021, a ransomware attack targeted the Colonial Pipeline, forcing the energy company to pay the criminals about $4.4 million in bitcoin. Just a few months later in August, the Port of Houston was the target of a cyber attack.
And in December 2021, hackers broke into the network of Chicago Public Schools and gained access to the data of almost half a million students.

Congress has passed several bills in response to the recent uptick in cyber attacks, and in March of this year, President Joe Biden signed into law the Strengthening American Cybersecurity Act of 2022, aimed at protecting the critical infrastructure of the United States.

In late July, the House passed the Energy Cybersecurity University Leadership Act of 2022, which seeks to address cyber threats to America’s energy infrastructure.