Los Angeles school district warns of disruption as it battles ongoing ransomware attack

The Los Angeles Unified School District (LAUSD) has confirmed it was hit by a ransomware attack that is causing ongoing technical disruptions.

LAUSD is the second largest school district in the U.S. after the New York City Department of Education. LAUSD serves more than 600,000 students spanning kindergarten through 12th grade at over 1,000 schools, and employs more than 26,000 teachers.

The district said on Monday that it was hit by a cyberattack over the weekend, which it later confirmed was ransomware.

Although the attack caused “significant disruption” to LAUSD’s infrastructure, the district said it will resume classes on Tuesday — after observing Labor Day on Monday — while it works to restore impacted services. LAUSD said that it does not expect technical issues to impact transportation, food or after-school programs, but noted that “business operations may be delayed or modified.”

It warned that ongoing disruptions include “access to email, computer systems, and applications,” while a post from Northridge Academy High, a school in the district, confirmed that teachers and students might be unable to access Google Drive and Schoology, a K-12 learning management system, until further notice.

LAUSD said that based on a preliminary analysis of critical business systems, “employee healthcare and payroll are not impacted, nor has the cyber incident impacted safety and emergency mechanisms in place at schools." However, it remains unclear whether any data was stolen during the attack, and LAUSD has yet to respond to our questions. Ransomware actors typically exfiltrate a victim’s files before demanding a ransom payment, aimed at further extorting victims by threatening to leak the stolen data online if the ransom is not paid. It’s not yet known who was behind the attack.

LAUSD says it has reported the incident and is working with law enforcement and federal agencies as part of an ongoing investigation and incident response.

“The White House brought together the Department of Education, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to provide rapid, incident response support to Los Angeles Unified, building on the immediate support by local law enforcement agencies,” the district's announcement said.

In addition, LAUSD says it has created a taskforce to provide monthly status updates and will invest in mandatory cybersecurity training for employees. It will also undergo an assessment of existing technology, critical processes and current infrastructure.

Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch that LAUSD is the fiftieth education sector entity to be hit with ransomware this year alone. This includes attacks against 26 universities and colleges and 24 districts with almost 2,000 schools between them.