U.S. markets close in 3 hours 33 minutes

  • S&P 500

    4,049.59
    +43.41 (+1.08%)
     

  • Dow 30

    32,036.79
    +262.27 (+0.83%)
     

  • Nasdaq

    12,047.50
    +185.38 (+1.56%)
     

  • Russell 2000

    1,874.60
    +27.70 (+1.50%)
     

  • Crude Oil

    86.17
    +2.63 (+3.15%)
     

  • Gold

    1,726.90
    +6.70 (+0.39%)
     

  • Silver

    18.67
    +0.22 (+1.21%)
     

  • EUR/USD

    1.0046
    +0.0044 (+0.44%)
     

  • 10-Yr Bond

    3.3060
    +0.0140 (+0.43%)
     

  • GBP/USD

    1.1592
    +0.0090 (+0.78%)
     

  • USD/JPY

    142.6480
    -1.4390 (-1.00%)
     

  • BTC-USD

    21,224.57
    +2,074.83 (+10.83%)
     

  • CMC Crypto 200

    508.04
    +19.44 (+3.98%)
     

  • FTSE 100

    7,351.07
    +89.01 (+1.23%)
     

  • Nikkei 225

    28,214.75
    +149.47 (+0.53%)
     

Everything we know so far about the ransomware attack on Los Angeles schools

Carly Page
·4 min read

Los Angeles Unified School District, or LAUSD — the second largest district in the U.S. with more than 1,000 schools and 6,000 students — confirmed this week that it was hit by a cyberattack over the weekend, disrupting access to its IT systems.

Details about the incident, described as "criminal in nature" and later confirmed to be ransomware, remain vague. It’s not yet known whether data was stolen, and while LAUSD resumed classes as planned on Tuesday following the long Labor Day weekend, the impact on schools is currently unclear. LAUSD's chief communications officer Shannon Haber has not responded to multiple requests for comment.

While there is a lot we don't yet know, a number of details about the incident are beginning to emerge.

Vice Society claims responsibility

Vice Society, a Russian-speaking ransomware group and known for targeting the education sector, claimed responsibility for the LAUSD ransomware attack.

Vice Society is a double-extortion ransomware group, meaning it typically exfiltrates a victim's sensitive data as well as encrypting it. The group is known to break into its victims' networks by exploiting the Windows PrintNightmare vulnerability.

A review of Vice Society's leak site does not yet list LAUSD, but a number of other U.S. school districts are currently listed on the site, including Wisconsin's Elmbrook Schools and the Moon Area School District in Allegheny County.

TechCrunch asked LAUSD whether it could confirm that Vice Society was behind the attack but did not receive a response.

The claim by Vice Society comes days after the FBI and CISA warned that the ransomware group, which has been active since 2021, is “disproportionately targeting the education sector with ransomware attacks.” A joint government advisory this week warns that K-12 education institutions, like LAUSD, have been frequent targets of attacks, which have led to restricted access to networks and data, delayed exams, canceled school days and the theft of personal information belonging to students and staff.

Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch that LAUSD is the fiftieth education sector entity to be hit with ransomware this year alone.

Response from LAUSD

While LAUSD has not yet confirmed the impact of the ransomware attack, the district said in an update on September 8 that it is making progress toward “full operational stability” for a number of key IT services. LAUSD hasn't said which services are back up and running, but previously said students and teachers might be unable to access email, Google Drive and Schoology, a popular learning management system.

LAUSD said that all compromised credentials were fully deactivated to protect network integrity and added that it’s expediting the rollout of multi-factor authentication across the district. LAUSD was in the process of a large-scale rollout of multi-factor authentication, with an aim to make the security feature mandatory for employees and contractors starting on September 12, according to an LAUSD notice that was later posted on Twitter.

Superintendent Alberto M. Carvalho said: “This incident has been a firm reminder that cybersecurity threats pose a real risk for our District — and districts across the nation."

Dark web data leak debunked

Earlier this week, reports emerged that "at least 23" login credentials of LAUSD employees appeared on the dark web. The credentials reportedly contained email addresses and passwords, and at least one set of credentials is said to have unlocked an account for the district's virtual private network service.

However, in its update published, LAUSD said that “compromised email credentials reportedly found on nefarious websites were unrelated to this attack, as attested by federal investigative agencies."

A previous ransomware attempt?

LAUSD was the target of a previous ransomware attack in 2021, according to threat intelligence company Hold Security, via cybersecurity reporter Jeremy Kirk. According to the company, a school psychologist's machine was infected with Trickbot, a financially motivated malware that is sometimes used as a precursor to a ransomware attack.

Hold Security says it warned the district, but it's not clear what actions — if any — were taken.

"LAUSD may have conducted incident response and remediated. But it foreshadowed what was to come this year," said Kirk, commenting on the security company's findings.

Los Angeles school district warns of disruption as it battles ongoing ransomware attack

Recommended Stories

  • Klopp to 'reinvent' Liverpool amid early-season struggles

    The final whistle had just sounded on Liverpool’s biggest away loss in Europe in more than a half-century when Jurgen Klopp made his way across the field to salute his team’s away fans. Typically, Klopp’s post-match routine sees him repeatedly punch the air in front of Liverpool’s supporters — and get a guttural roar of approval in response. Liverpool’s performance in its 4-1 loss at Napoli in the Champions League on Wednesday was so poor — so unlike Liverpool — that it had Klopp scratching his head and wondering how things had gotten this bad, this quickly for a team that was in the final of Europe’s top competition only 3½ months ago.

  • Self-sterilising plastic kills viruses like Covid

    The researchers think their plastic could help stop viruses spreading in hospitals.

  • White House Is Mulling a Ban on Bitcoin Mining

    The White House has floated the possibility of limiting or eliminating the proof-of-work mechanism that underpins Bitcoin and its blockchain network.

  • Gov. Gavin Newsom talks about extreme heat, energy concerns during visit to Beverly Hills

    Newsom said 27 million messages were sent statewide calling for immediate power conservation, "and within minutes, we saw a roughly 2,600-megawatt reduction in usage."

  • Emergency text averted possible California power cuts

    Residents received a text to shut down non-essential power after record temperatures in the state.

  • People are going back to the office -- except in the Bay Area

    Over the past decade, startups migrated north from Silicon Valley to make San Francisco the country’s hottest tech hub. Now, more than two years and several vaccines later, San Francisco’s office scene has still not rebounded and the city’s streets remain eerily quiet. San Francisco is seeing the lowest attendance rates for office employees in the United States, according to Colin Yasukochi, executive director of real estate brokerage CBRE’s Tech Insights Center.

  • Parents concerned LAUSD classrooms are getting too hot during heat wave

    One mother said there are unbearable conditions inside her daughter's LAUSD middle school.

  • New space telescope, new questions about cosmic history

    It is an extremely vibrant time in the scientific community as we welcome challenges to our understanding of the cosmos.

  • 'Mighty Ducks' star Shaun Weiss says he was 96 pounds and 'infested with bugs' while homeless and addicted to meth

    Shaun Weiss, known for his role as goalie Greg Goldberg in the Mighty Ducks film franchise, struggled publicly in recent years. His methamphetamine and heroin addictions led to homelessness and multiple arrests.

  • Beloved K-State football tradition could end if Wildcat fans continue vulgar KU chant

    Kansas State Wildcats band director Frank Tracz wants the vulgar KU chant at football games to stop. The Wabash Cannonball song could go away if it continues.

  • SpaceX is gearing up for a weekend launch doubleheader if weather permits

    SpaceX teams expect Falcon 9 liftoffs from both of the company's Florida launch pads on Saturday and Sunday between 8 p.m. and 11 p.m. EDT.

  • Venture capital to benefit from 'big reset in markets,' expert says

    Advent International Managing Partner & Chairman David Mussafer joins Yahoo Finance Live to discuss how venture capital is shifting amid economic uncertainty, creating a balanced environment for investors, global monetary policy, inflationary pressures, supply chain woes, and the outlook for Lululemon.

  • Major Food Stamps Change Means More Grocery Options for SNAP Users Everywhere

    The addition of a new third-party payment provider to the Supplemental Nutrition Assistance Program should be good news for grocers that want to accept digital payments for purchases -- and good news...

  • Google Pays ‘Enormous’ Sums to Maintain Search-Engine Dominance, DOJ Says

    (Bloomberg) -- Alphabet Inc.’s Google pays billions of dollars each year to Apple Inc., Samsung Electronics Co. and other telecom giants to illegally maintain its spot as the No. 1 search engine, the US Justice Department told a federal judge Thursday.Most Read from BloombergCharles Becomes King as the Face of a Nation ChangesDouble Rainbow Appears Over Buckingham Palace as Crowd Gathers to Mourn QueenQueen Elizabeth’s Doctors Are Concerned for Her HealthUkraine Army’s Breakthrough in North Thre

  • As T-Mobile, Verizon Ramp Up 5G Wireless, Cable Stocks Feel The Pain

    High-speed 5G internet service to homes has emerged as a growth driver for T-Mobile and Verizon and a worry for cable TV firms.

  • BofA logs another record with patents granted in first half of 2022

    Bank of America Corp. has hit a 50% year-over-year increase in patents granted — marking another record for innovation. BofA (NYSE: BAC) announced today the bank was granted 341 patents during the first half of this year, a jump from 227 during mid-year 2021. The seven tech categories granted include programming technology (18%), artificial intelligence and machine learning (20%), information security (21%), payment technology (16%), mobile banking (14%), blockchain (6%) and data analytics (5%).

  • It's Google Vs. Amazon Now In Online Shopping

    Amazon's Buy With Prime program could boost its e-commerce dominance. But Google has refocused on using e-commerce-related searches to boost advertising growth.

  • U.S. seizes $30 million in crypto from North Korea-linked hackers

    The company said in a blog post it played a role in the recovery with U.S. law enforcement and other crypto organizations, without naming them, in the first ever recovery of stolen cryptocurrency by a North Korea hacking group. Chainalysis and North Korea's mission to the United Nations did not immediately respond to requests for comment.

  • Explainer-Understanding Ethereum's major 'Merge' upgrade

    (Reuters) -Ethereum, the blockchain that underpins the world's second-largest crypto token ether, will soon undergo a major software upgrade that promises to slash the amount of energy needed to create new coins and carry out transactions. The Ethereum blockchain is due to merge with a separate blockchain, radically changing the way it processes transactions and how new ether tokens are created. The new system, known as "proof-of-stake", will slash the Ethereum blockchain's energy consumption by 99.9%, developers say.

  • Working for a DAO: 'No boardroom, no boss, no bias' — The Crypto Mile

    A DAO is a new type of organisation that utilises blockchain technology and promises to radically change the way we work.