The computer systems in the Los Angeles Unified School District, the nation’s second-largest district, were shut down last weekend following the discovery of a huge ransomware attack, the Los Angeles Times reports.
Law enforcement officials said the district’s quick action may have prevented a complete technological disaster, but shutting down the systems caused delays on the first day of school, Tuesday, as the systems gradually came back online.
Students and staff had to reset their passwords before they could use any of the systems, and that created a bottleneck on the servers that regulate the logins for the district. Fourth-grade teacher Richard Powels was able to reset his password, but his students experienced a wait time of five minutes to access the reset website and then couldn’t update their credentials.
“Hopefully it will be better tomorrow,” the Times quoted the Clifford Street Elementary teacher as saying. As of Tuesday afternoon, “no students can use their devices at school. We’ve had to improvise with our plans a bit to make sure everyone is engaged and learning.”
The Bleeping Computer site reported that the group “Vice Society” took credit for the attack and said that before hackers encrypted the data, they claim to have stolen about 500 gigabytes of it. Because hackers generally cover their tracks, it wasn’t immediately clear what, if any, student data may have been compromised.
Without providing specific details of the attack, Superintendent Alberto Carvalho told the Times that hackers used a “ransomware tool that temporarily disabled systems, froze others, and had access to some degree of data. … We’re still going through student files because … the student management system was touched.”
The attack was discovered Saturday at about 10:30 PM, he said, and the fast response prevented worse consequences. For example, if the district had lost the ability to manage its fleet of buses, “over 40,000 of our students would not have been able to get to school,” Mr Carvalho was quoted as saying. If food services or payroll systems had been taken down, the impact “would have been significant, very disruptive and debilitating to our school system.”
The district is putting in place personnel and procedures to safeguard its data and computer systems against future attacks of this nature, including the use of two-factor authentication for all user accounts and a reorganization of departments across the district to strengthen cybersecurity.