Los Angeles School District Warns of Disruption As It Battles Ongoing Ransomware Attack

The Los Angeles Unified School District (LAUSD) has confirmed it was hit by a ransomware attack that is causing ongoing technical disruptions. From a report: LAUSD is the second largest school district in the U.S. after the New York City Department of Education. The LAUSD serves over 600,000 students spanning from kindergarten through 12th grade at over 1,000 schools, and employs more than 26,000 teachers. The district said on Monday that it was hit by a cyberattack over the weekend, which it later confirmed was ransomware.

Although the attack caused "significant disruption" to LAUSD's infrastructure, the district said it will resume classes on Tuesday -- after observing Labor Day on Monday -- while it works to restore impacted services. LAUSD said that it does not expect technical issues to impact transportation, food or after-school programs, but noted that "business operations may be delayed or modified." It warned that ongoing disruptions include "access to email, computer systems, and applications," while a post from Northridge Academy High, a school in the district, confirmed that teachers and students might be unable to access Google Drive and Schoology, a K-12 learning management system, until further notice.

Re:Which OS?

[haruchai]

By any chance, did this ransomware execute on anything other than MS?

We're long past the point of smugly dismissing one platform or another as insecure crap.
If you're big enough to matter you're a target & *everyone* has done a bad job of cybersecurity

Re:

[eneville]

We're long past the point of smugly dismissing one platform or another as insecure crap.
If you're big enough to matter you're a target & *everyone* has done a bad job of cybersecurity

Some things put you at higher risk though. AD's "call home" model requires comms going from low security zones to higher security zones. Compare that to ssh/ansible that go high security to lower security zones.

There's no reason why MS can't use that admin style powershell would do that, but nobody does.

Re:

[trylak]

I'm not sure why you'd design your AD environment like that though.

Re:

[GoTeam]

Because you only live once! Live fast and break shit!!

Re:

[ToasterMonkey]

We're long past the point of smugly dismissing one platform or another as insecure crap.
If you're big enough to matter you're a target & *everyone* has done a bad job of cybersecurity

Some things put you at higher risk though. AD's "call home" model requires comms going from low security zones to higher security zones. Compare that to ssh/ansible that go high security to lower security zones.

There's no reason why MS can't use that admin style powershell would do that, but nobody does.

Why are you comparing AD to SSH? SSH is just a remoting protocol in this context. There's absolutely nothing magic about Linux LDAP and Kerberos solutions that makes them immune to dumb architecture decisions like untrusted servers sharing authentication services with more trusted servers. And why would you deploy AD like that anyway, that's a dumb admin problem not an AD problem, and there's plenty of dumb admins in charge of directory services and authentication systems on any OS, trust me.

Re:

[gweihir]

It is not that simple. Linux can give you far better security, but you need to know what you are doing. If you are clueless, Linux and Windows security sucks, and a Mac is just a bit better but not good either. If you know hat you are doing in the security space and have time to do it, Windows sucks less, but still sucks, Linux can be turned into an almost impregnable fortress and Macs are somewhere in between. That is a more complex answer and situation and given that hiring a really good IT security pers

Re:

[terrorubic]

eneville [slashdot.org]: "By any chance, did this ransomware execute on anything other than MS?"

If it was, it would be in the article title /s

Attack on school

[cygnusvis]

Is this not an attack on a school by a foreign actor?

Re:

[Archangel Michael]

I sure hope that was a joke, and not real. But then again, Babylon Bee starts out with a joke and then it turns real.

Re:

[trylak]

There's probably not many companies the size of LAUSD that use paper and pencils to manage their payroll. It sounds like classes will be on track today.

Re:

[HiThere]

It clearly wasn't just payroll. The summary specifically mentions "teachers and students might be unable to access Google Drive and Schoology, a K-12 learning management system, until further notice.".

To me it's not quite clear what that means. It could be a remote classroom app, or it could be a computerized gradebook. Or something else. (Maybe something that delivers and accepts homework assignments?)

Re:Fundlementals

[CWCheese]

Schoology is an online teaching app with zoom-like capability built in; I've heard of it from some friends who work as teachers in LAUSD, they hate the app and hate the ridiculous teaching methods being employed after the return to school. The students by and large are sitting in classrooms with a teacher, everyone is on a laptop but the teacher may not be teaching any one of the students in front of him, instead he is teaching an online class with students sitting in other classrooms or at home, while the students inside his classroom are each attending other classes via the online app. (BTW this applies to women teachers too, in case the old style grammar trips up anyone reading this)

It's insane to try teaching this way, which is why 20% of LA students didn't show up on day 1 this semester, and the district is flailing in dealing with the 20% revenue cut since they get state/local tax allocations based directly on daily attendance. During the lockdown they could simply assert that every student was in attendance, but now they have to count actual persons and find there's 1/5 less students.

Re:

[ShanghaiBill]

20% of LA students didn't show up on day 1 this semester

The 20% drop was much more than was expected. Many families switched to private or charter schools when the unions blocked the public schools from restarting f2f classes and are now happy where they are. But LA is also suffering from a birth dearth and falling immigration.

Re:

[v1]

We use google drive here, and to access a school domain it has to auth through our servers. So despite it being a cloud hosted service no one would have access if our auth servers were down. (I don't handle that part, but I'm assuming when it bounces gmail to our login page it gets a token and then uses that to login to their gmail account)

Which seems a bit weird, as cloud services are generally considered "insulated" from local "hardware failure", which this sort of is. But even cloud services can have d

Microsoft Ransomware ©

[terrorubic]

Totally useless article !

The Usual Comments

[nuckfuts]

I see the usual comments piling in. Don't use Microsoft. Know what you're doing and take all necessary security precautions. The fact is is very hard to stay secure. You can do everything right and still get hit. You can patch a thousand vulnerabilities yet it still takes just one to knock you over. There's this thing called 'zero-day' vulnerabilities, for example. There was one today in Google Chrome, which is used all over the place! Security is a far bigger challenge than Microsoft products or sloppy adm