vicesociety attacks Los Angeles Unified School District
Los Angeles Unified School District Suffers Ransomware Attack by Vice Society
Victim Profile
The Los Angeles Unified School District is the second-largest school district in the United States, serving over 600,000 students across 1,200 schools. The district is known for its diverse student population and its commitment to providing high-quality education.
Vulnerabilities and Impact
The attack on LAUSD was facilitated by internal login credentials that were leaked on the dark web, granting the attackers access to the district's Virtual Private Network (VPN). Vice Society is known for targeting the education sector and stealing sensitive data, which it threatens to sell if a ransom is not paid. In this instance, the group stole approximately 500 GB of data, which may include Social Security numbers, passport data, and other sensitive information.
The attack caused significant disruption to the district's IT systems, including email, computer systems, and applications. Despite the disruption, schools were able to open on schedule, and the district was able to implement a response protocol to mitigate the impact on its operations.
Response and Mitigation
In response to the attack, LAUSD has taken several steps to address the vulnerabilities and protect its systems. These include the accelerated rollout of Multi-Factor Authentication (MFA) on all corporate accounts, which adds identity verification steps to the login process and makes it difficult for hackers to log into a network even with stolen credentials. The district has also initiated a comprehensive response plan, including the deployment of Information Technology personnel at all sites to assist with technical issues, a full-scale reorganization of departments and systems, and the establishment of an expert team to assess needs and support the implementation of immediate security measures.
Lessons Learned
The LAUSD ransomware attack highlights the importance of implementing a data leak detection service, which can notify a business when its sensitive data has been leaked on the dark web, allowing for prompt action to secure compromised accounts. Additionally, enforcing MFA across all corporate accounts can help prevent unauthorized access even with stolen credentials.
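The two lessons above can be combined into one triage step. The following is an added example, not code from the district or the cited sources: it cross-references a leak-monitoring export against VPN authentication logs to decide which leaked accounts only need a reset and which already had a password-only login after the leak. The CSV column names, account names and log rows are constructed assumptions.

```python
import csv
import io

# Constructed sample inputs; the column names are assumptions, not a real product's schema.
LEAK_FEED = """username,first_seen
JDoe@district.example,2022-07-30
asmith@district.example,2022-08-02
mlee@district.example,2022-08-10
"""

VPN_LOG = """timestamp,username,result,mfa
2022-07-29T08:00:00Z,jdoe@district.example,success,none
2022-08-01T02:13:00Z,jdoe@district.example,success,none
2022-08-03T09:00:00Z,asmith@district.example,success,totp
2022-08-04T03:00:00Z,asmith@district.example,failure,none
2022-08-05T09:00:00Z,bnguyen@district.example,success,none
"""

def _rows(text):
    return csv.DictReader(io.StringIO(text))

def triage(leak_csv, vpn_csv):
    """Map each leaked account to the response action it needs."""
    leaked = {r["username"].strip().lower(): r["first_seen"] for r in _rows(leak_csv)}
    actions = {user: "reset-password" for user in leaked}  # baseline for any leak
    for ev in _rows(vpn_csv):
        user = ev["username"].strip().lower()
        if user not in leaked or ev["result"] != "success":
            continue
        # ISO-8601 dates sort lexicographically, so compare the date prefix.
        if ev["timestamp"][:10] < leaked[user]:
            continue  # login predates the leak sighting
        if ev["mfa"] == "none":
            actions[user] = "investigate-session"  # password alone was enough
        elif actions[user] != "investigate-session":
            actions[user] = "reset-password-mfa-held"
    return actions

def accounts_without_mfa(vpn_csv):
    """Accounts that completed any VPN login with no second factor (MFA rollout gap)."""
    return sorted({ev["username"].strip().lower() for ev in _rows(vpn_csv)
                   if ev["result"] == "success" and ev["mfa"] == "none"})

if __name__ == "__main__":
    for user, action in triage(LEAK_FEED, VPN_LOG).items():
        print(f"{user}: {action}")
    print("MFA gap:", accounts_without_mfa(VPN_LOG))
```

Accounts marked `investigate-session` are the ones where a leaked password was sufficient on its own, which is the condition the MFA rollout is meant to eliminate.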
Sources
- UpGuard. (2023, March 02). How Did LAUSD Get Hacked in 2022?
- Los Angeles Unified School District. (2022, September 5). Los Angeles Unified Targeted by Ransomware Attack (09-05-22)
- Cybersecurity Dive. (2023, January 24). Los Angeles school system shifts timeline of ransomware attack
- CNN. (2022, October 1). Los Angeles schools ransomware attack: Cybercriminals release hacked data online
- Los Angeles Times. (2023, February 22). LAUSD cyberattack includes at least 2,000 student records