On September 6, the Los Angeles Unified School District, (LAUSD) was targeted by ransomware. In a statement published online, the district’s administrators said it had detected “unusual activity” within its networks, saying it had been targeted by ransomware; despite the attack, students have been able to attend school. The District has more than 400,000 students ranging from kindergarten to 12th grade.
Vice Society, a Russian-speaking ransomware group and known for targeting the education sector, claimed responsibility for the LAUSD ransomware attack.
Other School Districts that may have been hacked by Vice Society include Wisconsin’s Elmbrook Schools and the Moon Area School District in Allegheny County. this could happen or is happening at School Districts.
According to CISA Alert AA22-249A, Vice Society is disproportionately targeting the education sector with ransomware attacks. Over the past several years, the education sector, especially kindergarten through twelfth grade (K-12) institutions, have been a frequent target of ransomware attacks. Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal information regarding students and staff.
Back at LAUSD, the attack prompted a large response from the FBI and Department of Homeland Security assisting local law enforcement. Students and staff have lost access to their email systems, local reports say. It is also unclear, according to reports, whether students’ information, including disciplinary records and assessments, was accessed by the attackers.
Just another School District for Vice Society
Techcrunch.com reports the following regarding the Vice Society
“Vice Society is a double-extortion ransomware group, meaning it typically exfiltrates a victim’s sensitive data as well as encrypting it. The group is known to break into its victims’ networks by exploiting the Windows PrintNightmare Vulnerability.” This Vulnerability Exploits Windows Print Spooler and nick named PrintNightmare.
A review of Vice Society’s site does not yet list LAUSD, but a number of other U.S. school districts are currently listed on the site, including Wisconsin’s Elmbrook Schools and the Moon Area School District in Allegheny County.
TechCrunch asked LAUSD whether it could confirm that Vice Society was behind the attack but did not receive a response.
LAUSD said that students and employees must reset their passwords to their school accounts while physically attending school district sites. “The District has staggered password reset access to minimize congestion from simultaneous users accessing the website,” According to LAUSD Press Release
According to Wired Magazine, the LAUSD attack is the latest against educational institutions: A report by security firm Sophos based on a survey of 499 respondents, 56 percent of lower education and 64 percent of higher education organizations were hit by ransomware in the past year, a “considerable increase” from the previous year.