The Los Angeles Unified School District has confirmed that it was hit by a ransomware attack on its IT systems over the weekend. District officials described the incident as “likely criminal in nature,” and said they were assessing the situation with law enforcement agencies. The district initially confirmed on Twitter that this was in fact a ransomware attack.
The LAUSD has over 640,000 students, from kindergarten through 12th grade, including Los Angeles county and 31 smaller municipalities. Schools are opening as scheduled on Tuesday despite “significant disruption to our system’s infrastructure,” the LAUSD said in a statement late Monday night.
It’s sad to see these successful attacks against critical services, such as hospitals and schools, which often don’t have the resources to manage them. Worse, the importance isn’t understood by most until it is fully experienced. Although the LA School District’s announcement includes sweeping changes, it’s a shame they didn’t make them before the crisis.
People still have a diluted perspective on ransomware. There is enough out there on what it is, how it works, and a massive push to ‘stop’ it, but we never solved the foundational problems that make it possible. Ransomware is a missed intrusion, period – I hope their new Advisory Board understands this. The attacks are only possible because of a weakness in an environment that begins with or later involves compromised credentials. If you unsuccessfully manage intrusions, you will eventually fail amazingly with ransomware. Ransomware is on the rise; but again, that is because of these three reasons:
1. We never fixed the core problems (break the cycle of compromise), which allow it to occur
2. It’s profitable for the adversary – therefore, vast incentive
3. It detects itself, so the reported numbers increase – so anyone can ‘find’ it.
I work in a large K12 in our state as a cybersecurity guru and was having this discussion with other members of our IT team. We have a hard enough time trying to keep up with our district’s needs and can’t imagine the number of issues a small district has and trying to tackle those issues with a minuscule IT team, if you can call a 1 or 2 person operation an IT team. Most school districts are low-hanging fruit. Although they may not have the money to pay ransoms, they do have money and that can be taken in other ways, such as phishing or account fraud.
Unfortunately, many school districts can’t handle the day-to-day IT issues, let alone the cybersecurity issues. Those priorities need to come from the higher-ups in the districts in order to get any traction and that’s probably not going to happen until they suffer a breach.
Most public school districts are notoriously under-funded. They can barely pay their teachers, so how much do you think they are spending on cybersecurity? This under-investment in cybersecurity makes them prime targets for amateur hackers; the ransomware pros won’t go after the public school districts because they know they have no money to pay a ransom.