The Los Angeles Unified School District, the second largest school district in the U.S., has been struck by a ransomware attack that disrupted services.

The attack, first described by LAUSD as technical issues until later disclosed as a ransomware attack, struck the school district on the weekend of Sept. 3-4. The form of ransomware used was not disclosed. The school district described it only as “criminal in nature” and causing “significant disruption.”

Disruptions on the network included access to email, computer systems and applications. The district claims that no Social Security number or medical information was stolen in the attack, but notably did not rule out that some personally identifiable information was accessed.

Despite the disruption to its internet networks, Los Angeles schools did open after the Labor Day long weekend today. The Los Angeles Times reported that most online services, including key emergency systems, had been restored and were operating safely.

As a result of the attack, all students and employees were asked to reset their passwords — no small task given that the school district has 640,000 students.

The school district said that it has received “an immediate and comprehensive response” not only from law enforcement such as the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Agency but also obtained assistance from the White House and the Department of Education.

“This egregious cyberattack is the latest example of the pervasive threat that predatory cybercriminals pose to everyone from multinational businesses to young school children,” Darren Guccione, co-founder and chief executive of cybersecurity software provider Keeper Security Inc., told SiliconANGLE. “No one is safe from cybercrime and often the most vulnerable among us are the most likely to be targeted.”

John Bambenek, principal threat hunter at cloud data analytics provider Netenrich Inc., commented that this is an example of ransomware gangs continuing to target the soft underbelly of society and that K-12 schools are easy targets because of low spending on cybersecurity. “For organizations that can’t spend a lot, they should focus on resiliency and ensure their disaster recovery plans including replicating and restoring important functions like student grading,” Banbenek said.

Matthew Warner, chief technology officer and co-founder at automated threat detection firm Blumira Inc., explained why schools are attractive ransomware targets.

“Most IT leaders in education operate on a shoestring budget,” Warner said. “Balancing operational IT spend as well as classroom edtech, dealing with pressure from public audits, and navigating administrative politics all point to the fact that obtaining sufficient budget for cybersecurity products is more challenging for IT leaders in education than other industries.”

Photo: Bahn Mi/Wikimedia Commons