Vice Society Claims Attack on Los Angeles Unified School District
Industry: Education | Level: Strategic | Source: Achieve.LAUSD
The ransomware attack on Labor Day weekend against the second largest school district in the United States, Los Angeles Unified (LAUSD) has been claimed by the Vice Society ransomware group. The confirmation was reported by Vice Society to BleepingComputer, however evidence of the attack is currently withheld by the ransomware group as "they would not provide any proof of the attack until they published an entry on their data leak site." Approximately 500Gbs of data is claimed to have been obtained by Vice Society. When LAUSD initially announced the attack, the school district mentioned they were engaged with government agencies including the Department of Education, the Federal Bureau of Investigation (FBI), and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) for support. Following LAUSD's announcement, CISA released a #StopRansomware advisory (alert aa22-249a) advising organizations to be wary of Vice Society, especially those in the education industry. Vice Society's attack against LAUSD enforces the urgency of CISA's advisory. Fortunately, the attack did not deter LAUSD from reopening its doors for a new academic year. An update from the school on September 8th, 2022, shared positive recovery efforts stating "Working diligently with federal, state and local partners, Los Angeles Unified continues to make progress toward full operational stability for several core information technology services. The preliminary attendance rate for today is 93%." Remediation efforts included requiring students and staff to reset their passwords in person and the school district is prioritizing the rollout of a multi-factor authentication process. Any credentials identified to have been compromised from the attack have been deactivated, and further enhancements are to be made by the school following the completion of the government agency’s day report.