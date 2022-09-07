

LOS ANGELES — A ransomware attack targeting the massive Los Angeles School District has caused an unprecedented shutdown of its computer systems as schools become more vulnerable to cyber attacks as the new year begins.

The attack on the Los Angeles Unified School District sparked national alarm, from urgent negotiations with the White House and the National Security Council after the first signs of ransomware were discovered late Saturday night, to mandatory password changes for 540,000 students and 70,000 employees of the district.

Although the attack used technology that encrypts data and does not unlock it until a ransom is paid, in this case the county superintendent said there was no immediate demand for money, and schools in the country’s second-largest district reopened on Tuesday, as planned.

Such attacks have become a growing threat to American schools, with several high-profile incidents reported since last year as the pandemic-driven reliance on technology amplifies the impact. Ransomware gangs have in the past planned major attacks for the weekend in the US, when they know IT staff will be low and security experts will relax.

While it wasn’t immediately clear when the Los Angeles attack began—officials only said when it was discovered, and a county spokesman declined to answer further questions—the Saturday night discovery reached the highest levels of federal government cybersecurity agencies.

This support model was in line with the Biden administration’s efforts to provide maximum assistance to critical industries affected by such disruptions, a senior administration official said.

The official, who spoke on condition of anonymity to discuss the federal government’s response, said the school district did not pay the ransom, but would not go into detail about what was potentially stolen or damaged and which systems were affected by the hack.

The White House’s reaction to the Los Angeles invasion reflects growing national security concerns: a Pew Research Center survey published last month showed that 71% of Americans consider cyberattacks from other countries to be a serious threat to the US.

Authorities believe the Los Angeles attack was international and have identified three countries where it may have come from, although Los Angeles Superintendent Alberto Carvalho did not say which countries may be involved. Most of the extortionists are Russian-speaking and operate without interference from the Kremlin.

Los Angeles officials have not identified the ransomware being used.

“It was an act of cowardice,” said Nick Melvoin, vice president of the student council. “A criminal act against children, against their teachers and against the education system.”

This year, 26 U.S. school districts, including Los Angeles, and 24 colleges and universities have been hit by so-called ransomware, according to Brett Callow, a ransomware analyst at cybersecurity firm Emsisoft.

As victims increasingly refuse to pay to unlock their data, many cybercriminals are instead using the same technology to steal sensitive information and demand payment for extortion. If the victim does not pay, the data is released online.

Callow said at least 31 schools affected this year had data stolen and released online, and noted that eight school districts have been affected since Aug. 1. The increase in the number of schools after the summer break is almost certainly no coincidence, he said.

“This is the number one threat to our security,” said Michelle Moore, chief of the Los Angeles Police Department. “This is an invisible enemy, and he is tireless.”

Tireless – and expensive, even beyond any monetary requirements. A ransomware attack in Albuquerque’s largest school district forced schools to close for two days in January, while the City of Baltimore’s response to an attack on its computer servers in 2019 cost more than $18 million.

The Los Angeles attack was detected around 10:30 p.m. Saturday, when personnel first detected “unusual activity,” Carvalho said. The criminals appear to have targeted facility systems that include private sector contractor payment information that is publicly available through registration requests rather than sensitive data such as payroll, health and other data.

He said county IT officials found the malware and stopped it from spreading, but only after it infected key network systems, requiring password resets for all staff and students.

The authorities have tried to track the attackers and limit the potential damage.

“We basically shut down all of our systems,” Carvalho said, noting that every single one of them has been tested and all but one — the facility systems — were restarted late Monday night, when the county first notified the public of the attack.

On Tuesday, federal authorities issued a separate warning of potential ransomware attacks by a crime syndicate known as the Vice Society, which is said to disproportionately target the education sector.

Authorities did not say whether they believe the Vice Society was involved in the Los Angeles attack, and the group did not respond to a request for comment Tuesday.

“The fact that a joint cybersecurity advisory regarding the Vice Society was issued days after the discovery of the LAUSD attack may be telling, especially given that the gang has frequently targeted the education sector in both the US and the UK,” said Callow, a ransomware expert.

Vice Society first appeared in May 2021 and, according to security researchers, did not use a unique variant, but ransomware widely available in the Russian-speaking underground. Among the victims claimed by the Vice Society are the Elmbrook School District in Wisconsin and the Savannah College of Art and Design.

Ransomware gangs usually break up after high-profile attacks, such as last year’s Colonial Pipeline incident, which sparked raids on gas stations. Then their members are recreated under new names.

Despite pressure to cancel school in Los Angeles on Tuesday, officials ultimately decided to stay open.

If the activity had not been detected on Saturday evening, the consequences could have been “catastrophic”, Carvalho said.

“If we were to lose the ability to drive school buses, over 40,000 of our students would not be able to get to school, or the system would be severely disrupted,” he said.

The county plans to conduct a forensic analysis of the attack to determine what can be done to prevent future intrusions.

“Every teacher, every employee, every student can be a weak spot,” said Soheil Katal, the district’s chief information officer.