Skip to Content

CISA and FBI Advisory Warns Ransomware Actors are Targeting Education Sector as Los Angeles Unified School Recovers From an Attack

[Update on 22 September 2022]

In a new update, the hackers who attacked the Los Angeles Unified School District made a ransom demand. However, the officials have not made any response to the demand. Read more: L.A. Unified cyberattackers demand ransom

[Update on 12 September 2022] L.A. school district hit by ransomware

The Los Angeles Unified School District, or LAUSD, is the second largest school district in the U.S., and this week ahead it was hit by ransomware as its 6,000 students were preparing to go back after the long Labor Day holiday. Students returned but IT systems were down and a mass password reset was initiated — though students struggled to access basic learning tools. Vice Society, a Russian-language extortion group, claimed responsibility for the attack, two days after CISA put out an alert warning that the group primarily targets the education sector. The FBI and DHS have joined in LAUSD’s investigation, per the Los Angeles Times. It’s not known what data, if any, was taken, but employee payroll and healthcare are not impacted. This is an incident that will likely spill into the coming week, if not longer, as remediation continues.


The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have published a joint advisory warning that a ransomware threat actor known as Vice Society is targeting the education sector. The warning comes on the heels of a ransomware attack that hit the Los Angeles (California) Unified School District (LAUSD) over the Labor Day weekend; LAUSD schools opened as planned on Tuesday, September 6. An anonymous source said that in the months preceding the attack, LAUSD network account credentials had been offered on the Dark Web.


  • If you look at multi-year attack data, you see that attackers target every sector that has vulnerabilities – which means they target all sectors. Denial-of-service attacks, which includes ransomware, often do target specific times when targets may feel a sense of urgency – holiday shopping, start of school year, tax filing days, etc. But, most ransomware attacks are also data exfiltration type attacks which create their own urgency. Bottom line: use data over headlines and focus on increasing basic security hygiene as “4-seasons” protection.
  • No matter what your sector, you should be prepared for attacks. You should have a plan in place for recovery that you’ve tested, verified your backups and ensured you’re keeping systems updated, particularly boundary control devices. Make sure that all your internet accessible entry points use MFA, for everyone. Treat that VIP or Administrator account as just as likely to be compromised, no matter how careful they are or how strong the password. A level playing field also helps buy-in. If you’re looking to expose more services to the Internet, ensure security posture assessment, and remediation, is required in the process.




    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.