Ransomware Gang Takes Second Largest School District In US To Class In Startling Cyber Attack

Ransomware attacks have been targeting school districts, hospitals, government organizations, businesses, and even hospitals in recent years. It's a rather nasty piece of work; it can cause loss of data, stolen data, more viruses, and even inaccessibility to systems necessary for operations. An entire town in Canada was recently affected by an attack and now Los Angeles Unified School District, unfortunately, has fallen victim to a ransomware attack over Labor Day weekend.

The LAUSD has more than 640,000 enrolled Kindergarten through 12th-grade students across Los Angeles and other smaller municipalities. This makes it the second largest school district in the United States by population after New York City's Department of Education.

An announcement was provided by the school district to the community and publicized via Twitter. It indicated that while it was a victim of an attack, it had managed to implement mitigation allowing students to attend on Tuesday and onwards through the week.

lausd ransomware advisory tweet
Via @LASchools on Twitter

"Despite this significant disruption to our system’s infrastructure, schools will open on Tuesday, September 6 as scheduled. We are working collaboratively with our partners to address any and all impacted services. While we do not expect major technical issues that will prevent Los Angeles Unified from providing instruction and transportation, food or Beyond the Bell services, business operations may be delayed or modified. Based on a preliminary analysis of critical business systems, employee healthcare and payroll are not impacted, nor has the cyber incident impacted safety and emergency mechanisms in place at schools." says the response page from the district.

Some parents and students are stating that they are currently unable to log into online systems. The systems request a password change, but they still are unable to login still after the change. Ultimately the district is currently advising not to use those systems at all.


While there was a lack of preventative measures that caused this to happen, ultimately, the rapid response and transparency the school district is displaying is rather impressive. It has a clear and concise list on the response page it published outlining its plans to improve for the future. Plans include improving training for staff to prevent this kind of thing in the future, better tech investments, additions to information security teams, and more. It has also stated it is working with local and federal officials to investigate this occurrence. It has not been publicized what ransomware gang is taking credit for this attack at the moment, nor what data may have been lost or breached.