World News | Huge Los Angeles Unified School District Hit by Cyberattack

Los Angeles, Sep 7 (AP) A cyberattack targeting the huge Los Angeles school district over the Labour Day weekend prompted an unprecedented shutdown of the district's information technology systems as students nationwide return to classrooms and schools' data is increasingly vulnerable.

The attack on the Los Angeles Unified School District sounded alarms across the country, from urgent talks with the White House and the National Security Council after the first signs of so-called ransomware were discovered late Saturday night to mandated password changes for 540,000 students and 70,000 district employees.

Also Read | Sheikh Hasina India Visit: Seven MoUs Signed Between India, Bangladesh.

Though the attack used technology that encrypts data and won't unlock it unless a ransom is paid, in this case the district's superintendent said no immediate demand for money was made and schools in the nation's second-largest district opened as scheduled on Tuesday.

Such attacks have become a growing threat to US schools, with several high-profile incidents reported since last year as pandemic-forced reliance on technology increases the impact.

Also Read | Five Personnel of Pakistan Army Killed During Intelligence-Based Operation in North Waziristan Tribal District.

The White House's response to the LA incursion reflects a growing international fear: A Pew Research Center survey, published last month, found that 71 per cent of Americans say cyberattacks from other countries are a major threat to the US Authorities believe the LA attack originated internationally and have identified three potential countries where it may have come from, though LA Superintendent Alberto Carvalho would not say which countries may be involved. Officials did not identify the ransomware used.

“This was an act of cowardice,” said Nick Melvoin, the school board vice president.

“A criminal act against kids, against their teachers and against an education system.”

So far this year, 26 US school districts — including Los Angeles — and 24 colleges and universities have been hit by so-called ransomware, according to Brett Callow, a ransomware analyst at the cybersecurity firm Emsisoft.

With victims increasingly refusing to pay to have their data unlocked, many cybercriminals instead use the same technology to steal sensitive information and demand extortion payments. If the victim doesn't pay, the data gets dumped online.

Callow said at least 31 of the schools hit this year had data stolen and released online, and noted that eight of the school districts have been hit since August 1. The upsurge on schools as summer vacations end is almost certainly not coincidental, he said.

“It is the No. 1 threat to our safety,” said Michel Moore, chief of the Los Angeles Police Department. “It is an invisible foe and it is tireless.”

Tireless — and expensive, even outside of any monetary demands. A ransomware extortion attack in Albuquerque's biggest school district forced schools to close for two days in January, while Baltimore City's response to a 2019 hit on its computer servers cost upwards of USD 18 million.

The LA attack was discovered around 10:30 pm Saturday when staff first detected “unusual activity," Carvalho said.

The perpetrators appear to have targeted the facilities systems, which involves information about private-sector contractor payments — which are publicly available through records requests — rather than confidential details like payroll, health and other data.

Authorities scrambled to trace the perpetrators and restrict potential damage.

“We basically shut down every one of our systems,” Carvalho said, noting that each one had been checked and all but one — the facilities system — restarted by late Monday night, when the district first notified the public of the hit.

On Tuesday, federal authorities separately warned of potential ransomware attacks that could be perpetrated by the so-called Vice Society, which has allegedly disproportionately targeted the education sector.

Authorities have not said whether they believe Vice Society is involved in the LA attack and the group did not respond to a request for comment on Tuesday.

“The fact that a joint cybersecurity advisory relating to Vice Society was issued within days of the attack on LAUSD being discovered may be telling, especially as this gang has frequently targeted the education sector in both the US and the UK,” said Callow, the ransomware expert.

Vice Society first appeared in May 2021 and, rather than a unique variant, it has used ransomware widely available in the Russian-speaking underground, security researchers say. Among victims claimed by Vice Society are the Elmbrook School district in Wisconsin and the Savannah College of Art and Design.

While there was pressure to cancel school in Los Angeles on Tuesday, officials ultimately decided to stay open.

Had the activity not been discovered on Saturday night, Carvalho said there could have been “catastrophic” consequences.

“If we had lost the ability to run our school buses, over 40,000 of our students would not have been able to get to school, or it would have been a highly disrupted system,” he said.

The district plans to do a forensic audit of the attack to see what can be done to prevent future incursions.

“Every teacher, every employee, every student can be a weak point,” said Soheil Katal, the district's chief information officer.(AP)

(The above story is verified and authored by Press Trust of India (PTI) staff. PTI, India’s premier news agency, employs more than 400 journalists and 500 stringers to cover almost every district and small town in India.. The views appearing in the above post do not reflect the opinions of LatestLY)