LAUSD Computers are Breached via Cybercriminals

According to the Los Angeles Unified School District (LAUSD), the second-largest school district in the U.S., the Vice Society ransomware group has stolen files containing private information, including Social Security Numbers (SSNs), from contractors.

Additionally, LAUSD disclosed that the threat actors were present on its network for more than two months, from July 31 to September 3, 2022. Before distributing the stolen material, the group claimed to BleepingComputer that it had stolen 500 GB of data from the school system's systems, but it offered no supporting documentation.

LAUSD is making Experian's IdentityWorks, which aids in detecting information misuse, available to contractors and their staff members for free for a year. The FBI, CISA, and MS-ISAC jointly released an advisory warning of Vice Society's disproportionate targeting of the U.S. education sector on the day LAUSD reported the ransomware attack. Hackers replied to L.A. Unified's refusal to pay a ransom by exposing the data they obtained on the dark web, where other nefarious characters may use it for identity theft.

After the school district declared it would not comply with the cybercriminals' ransom demands, in order to better utilize the money for its students and their education, the ransomware group released data from LAUSD.

Data theft is only one aspect of such an operation. The second step entails encrypting computer systems so that users are unable to access them and daily business is rendered impossible. Hackers were able to encrypt systems in the district's facilities division. Although basic tasks, such as classroom instruction and record-keeping, were more challenging for approximately two weeks, schools never had to temporarily close, as happened in other places when school systems were targeted.

The revelation in the notice came as no surprise to cybersecurity professionals. They anticipated that an examination would show the system intrusion started earlier than was initially reported. Officials from the school district did not disclose the number of potential victims. When more than 500 California citizens are affected, which is the threshold for public notification, a notice letter should be filed with the state attorney general in addition to notifying the victims.

A Ransomware Attack Hit Two Michigan Schools

In response to a ransomware attack, two Michigan school districts have closed their schools. Kevin Oxley, the superintendent of the Jackson County Intermediate School District, announced that school would remain closed until Wednesday.

In order to look into the incident and get support in re-establishing their systems in a secure manner, the schools alerted law enforcement and hired external cybersecurity advisors.

According to Det. Lt. Mike Teachout of the Michigan Cyber Command Center, the district got in touch with the center, which is in charge of coordinating joint emergency response efforts for cyber incidents in Michigan.

As a precaution, the schools encouraged everyone to abstain from using any school-issued devices.

According to Kevin Oxley, "This intrusion occurred because we were victims of a ransomware attack that was spotted over the weekend. Credits to overnight work by our tech staff and cybersecurity professionals. We actively shut down networks as soon as we noticed suspicious behavior in order to contain the situation."

While restoration efforts are ongoing, Oxley stated that getting students back in class on Thursday was the first priority. "We prioritized bringing vital systems back up to allow us to safely restart operations and reopen school buildings across Jackson and Hillsdale counties," Oxley said.

Over 24,000 pupils are enrolled in the district. According to officials, Hillsdale Community District Schools, whose technology services are provided by a county consortium, were also impacted by the incident.

A wide range of facility operations, including but not limited to heating, telephones, and classroom equipment, were affected by the cyberattack that transpired over the weekend of November 12–13, forcing schools in Jackson and Hillsdale counties to cancel classes for the whole week. As of yet, no cybercrime organization has been held responsible for the attack.

The Los Angeles Unified School District, one of the largest school systems in the US, was the victim of a ransomware attack in September. School districts, a prime target for ransomware gangs, must now exercise caution.

Ransomware Targeted Almost 1,000 Schools in US This Year


Ransomware attacks against US schools are surging. Experts say threat actors are actively targeting schools as classrooms switched to remote learning last year.

According to tallies by Emsisoft and Recorded Future – cybersecurity firms known for tracking and investigating ransomware attacks – almost 1,000 schools across the United States have suffered a ransomware attack this year.

Threat actors targeted 985 schools across 73 school districts and it’s very likely there are some schools that are missing from the list, meaning the total number of victims is likely higher than 1,000, said Brett Callow, a researcher at Emsisoft. 

The list shared by Callow includes high-profile schools such as the Mesquite Independent School District in Texas, which comprises 49 different schools; the Haverhill Public Schools in Massachusetts, which comprises 16 schools; and the Visalia Unified School District in California, which comprises 41 schools.

“There is a huge jump in ransomware attacks hitting schools starting in 2019 and that trend is accelerating,” Allan Liska, cybersecurity researcher at cybersecurity firm Recorded Future, told Motherboard in an online chat.

There is no denying that 2021 is the year of ransomware, but there are some good stories too. Earlier this year, when threat actors targeted the Affton School District in Missouri, the district had to cancel classes for a day out of precaution, but the attackers were not able to encrypt any critical computer or system, as the entire school was operating on Google’s cloud, according to Adam Jasinski, the district’s head of IT.

“While school districts are falling victim to ransomware at the same rate as ever, it seems that fewer large districts are now being hit. And that could be cause for hope,” Callow told Motherboard in an email. “If larger districts have been able to up their security game, smaller districts can too. We just need to work out what shortcomings exist and ensure they have the resources to address those shortcomings.” 

“The increased efforts by governments, law enforcement, and private-public sector initiatives seem to be paying off and we’re seeing more wins. Cybercrime operations are being disrupted, and their revenue streams are being disrupted which, combined, alters the risk/reward ratio and will hopefully disincentivize attacks,” he added.