Los Angeles Unified School District (LAUSD) disclosed that they have fallen victim to a ransomware attack over the Labor Day weekend. The second largest school district in the country, LAUSD enrolls over 640,000 students from kindergarten through 12th grade. LAUSD said in a statement they have reported the incident to law enforcement and they are cooperating with federal agencies to resolve the issue. The school district said some services are currently offline while they continue to investigate, but schools should remain open. In November, the U.S. Department of Education and the Department of Homeland Security (DHS) were urged to strengthen cybersecurity protections at K-12 schools nationwide to keep up with a massive and ongoing wave of attacks. The call for action came from U.S. Senators Maggie Hassan, Kyrsten Sinema, Jacky Rosen, and Chris Van Hollen after a Government Accountability Office (GAO) report assessing the Education Department’s current plan for addressing K-12 school threats (issued in 2010) to be significantly outdated and focusing on mitigating physical threats.
Second Largest U.S. School District LAUSD Hit by Ransomware
Organizations should initiate proactive measures to ensure they are protected from ransomware. The US DHS website, stopransomware.gov, has links to resources that help organizations protect their systems from intrusions that lead to ransomware. To protect against ransomware attacks, organizations should:
• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Install updates/patch operating systems, software, and firmware as soon as practical after they are released. Implement monitoring of security events on employee workstations and servers, with a 24/7 Security Operations Center to detect threats and respond quickly.
• Use multifactor authentication where possible.
• Use strong passwords and regularly change passwords to network systems and accounts, avoid reusing passwords for multiple accounts.
• Focus on cyber security awareness and training.
• Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.