FBI K-12 Ransomware Warning as LAUSD is Hit

The FBI has warned of a possible surge in ransomware attacks targeting schools in the US, as the country’s second largest school district succumbed to compromise over the holiday weekend.

The Los Angeles Unified School District (LAUSD), which serves over 600,000 students from kindergarten to twelfth grade, released details of the attack on Monday’s Labor Day holiday.

“Los Angeles Unified detected unusual activity in its information technology systems over the weekend, which after initial review, can be confirmed as an external cyber-attack on our information technology assets,” it explained.

“While we do not expect major technical issues that will prevent Los Angeles Unified from providing instruction and transportation, food or ‘Beyond the Bell’ services, business operations may be delayed or modified. Based on a preliminary analysis of critical business systems, employee healthcare and payroll are not impacted, nor has the cyber incident impacted safety and emergency mechanisms in place at schools.”

The district said it contacted the White House, which rapidly coordinated incident response over the weekend, involving the Department of Education, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA).

It’s unclear which strain of ransomware impacted the LAUSD, although the FBI and CISA yesterday issued a warning of potential attacks on K-12 schools from the Vice Society threat group, designed to coincide with the start of the new term.

The joint advisory states that the group typically uses Hello Kitty/Five Hands and Zeppelin ransomware variants, but may deploy other types in the future. Under-protected schools and their managed service providers (MSPs) may be targeted as a rich source of sensitive student data.

“Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, cancelled school days, and unauthorized access to and theft of personal information regarding students and staff,” the alert noted.

“The FBI, CISA, and the [Multi-State Information Sharing and Analysis Center] MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks. School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cyber-criminals can still put school districts with robust cybersecurity programs at risk.”