Everything we know so far about the ransomware attack on Los Angeles schools • TechCrunch

A Russian-speaking hacking group known for targeting schools claims responsibility

Los Angeles Unified School District, or LAUSD – the second largest school district in the United States with more than 1,000 schools and 6,000 students – confirmed this week that it was hit by a cyberattack over the weekend, which disrupted access to its IT systems.

Details of the incident, described as “criminal in nature” and later confirmed as ransomware, are still unclear. It remains unclear whether data was stolen, and although LAUSD resumed classes as planned on Tuesday after the long Labor Day weekend, the impact on schools is currently unknown. LAUSD communications director Shannon Haber did not respond to multiple requests for comment.

While there’s a lot we don’t know yet, some details about the incident are starting to emerge.

Vice Society claims responsibility

Vice Society, a Russian-speaking ransomware group known for targeting the education sector, has claimed responsibility for the LAUSD ransomware attack.

Vice Society is a double-extortion ransomware group, which means that it typically exfiltrates a victim’s sensitive data as well as encrypting it. The group is known to have broken into victims’ networks by exploiting the Windows PrintNightmare vulnerability.

A review of Vice Society’s leak site did not find LAUSD listed, but several other US school districts are currently listed on the site, including Wisconsin’s Elmbrook Schools and the Moon School District in Allegheny County.

TechCrunch asked LAUSD if it could confirm that Vice Society was behind the attack but received no response.

The Vice Society statement comes days after the FBI and CISA warned that the ransomware group, which has been active since 2021, is “disproportionately targeting the education sector with ransomware attacks.” The government advisory this week warned that K-12 educational institutions, like LAUSD, are frequent targets of attacks, which lead to restricted access to networks and data, delayed exams, canceled school days, and the theft of personal information belonging to students and staff.

Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch that LAUSD is the 50th educational institution hit by ransomware this year alone.

LAUSD’s response

While LAUSD has yet to confirm the impact of the ransomware attack, the district says in an update that it was making progress toward “full operational stability” for several key IT services. LAUSD has not said which services are up and running, but has previously said students and teachers may not be able to access email, Google Drive, and Schoology, a popular learning management system.

LAUSD said that all compromised logins have been completely disabled to protect the integrity of the network and added that it is moving forward with the rollout of multi-factor authentication across the district. LAUSD is in the midst of a large-scale rollout of multi-factor authentication, with the aim of making the security measure mandatory for employees and contractors starting September 12, according to a LAUSD message that was later posted on Twitter.

Superintendent Alberto M. Carvalho said, “This incident is a stark reminder that cybersecurity threats pose a real risk to our District – and counties across the country.”

Dark web data leak debunked

Earlier this week, reports emerged that the login credentials of “at least 23” LAUSD employees had appeared on the dark web. The reported credentials contained email addresses and passwords, and at least one set of credentials allegedly unlocked an account for the district’s virtual private network service.

However, in its published update, LAUSD says that “compromised email credentials reportedly found on nefarious websites are not related to this attack,” as corroborated by federal investigation.

A previous ransomware attempt?

LAUSD was the target of a previous ransomware attack in 2021, according to threat intelligence firm Hold Security, via cybersecurity reporter Jeremy Kirk. According to the company, a school psychologist’s machine was infected with Trickbot, financially motivated malware that is sometimes used as a precursor to a ransomware attack.

Hold Security said it alerted the school district, but it is unclear what action, if any, was taken.

“LAUSD may have conducted a response and remediation of the incident. But it foreshadows what is to come this year,” said Kirk, commenting on the security company’s findings.
