This is the web version of dot.LA’s daily newsletter. Sign up to get the latest news on Southern California’s tech, startup and venture capital scene.

Over the weekend the Los Angeles Unified School District (LAUSD), the second-largest school district in the nation, was hit by a ransomware attack that has caused a “significant disruption.”

Classes resumed on Tuesday following the Labor Day holiday, but a number of essential services – such as faculty email, Google Drive access and computer applications such as the Schoology management system – remain unavailable.

LAUSD said in a press release that the technical issues have not been causing issues with transportation, food service or after-school programs, and maintained that systems critical to the district’s daily business operations – such as employee health care and payroll – were not affected. Still, the full impact of the attack remains unknown, and investigations are ongoing. Officials are trying to determine whether any data has been stolen from LAUSD’s systems.

Ransomware attacks work by encrypting files on a user’s computer system and then demanding a ransom payment in exchange for the decryption key. These attacks often take a multi-pronged approach, by accessing and then selling stolen data even after the ransom is paid.

Ransomware attacks against school districts and universities have been rising steadily. Since January 2022, more than 20 such attacks against higher education institutions in the U.S. have been reported. These have become such a persistent issue that some of the organizations behind the attacks–such as BlackCat, LockBit and Vice Society–have become household names in the cybersecurity world.

According to Steve Tcherchian, CISO of Simi Valley cybersecurity solutions firm XYPRO, public, heavy-traffic resources like schools and hospitals are particularly attractive targets for these kinds of attacks.

“Schools and the healthcare industry are low hanging fruit for attackers because cybersecurity awareness and protection has not been a high priority,” Tcherchian said. “Often times, security awareness training for school employees is sitting through an hour-long video or clicking through slides and attesting that you completed the training. That’s not training.”

Additionally, schools work with a number of third-party companies and organizations to run their operations, giving bad actors and criminals more potential targets.

In November of 2021, a Government Accountability Office (GAO) report found that the Education Department’s plan to counter threats to K-12 schools has become significantly outdated; a group of Democratic senators pressed at the time for increased action at the federal level. Earlier this month, the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Homeland Security’s Multi-State Information Sharing an Analysis Center (MS-ISAC) issued a joint warning that more of these attacks should be expected in the new school year, especially by the Vice Society group.

LAUSD has created a task force to provide monthly cybersecurity status updates, and will provide some additional mandatory training for employees. Tcherchian suggested that these plans may not go far enough. Instead, he suggests the district should “enable multi-factor authentication for everything, including teacher and student logins… Today, the superintendent said this hasn’t been implemented because of the size and scale of the LAUSD user base, but as this weekend’s events proved, that’s not a good enough reason not to do it.”

School districts are already pressed for funds, making new investments in cybersecurity difficult. According to a report from the IT security firm Sophos, about 46% of the organizations targeted by ransomware attacks last year simply paid their attackers off (and those numbers could be artificially depressed as some organizations might not have admitted that they paid). Earlier this year, North Carolina became the first state to ban school districts and universities from paying ransomware extortion fees, though its rule doesn’t apply to private schools in the state.

Still, one thing remains clear above all else. If you get an email that looks official but seems in any way questionable at all, don’t click any links, and just report it to your head of networking and IT. They’re probably trying to sneak into your computer system. Those jerks..— Lon Harris

--

The sponsor of today's newsletter is Fenwick, one of the world's top law firms focused on technology and life sciences, including leading games, digital media, entertainment, blockchain and NFT practices. Attorneys in Fenwick’s Santa Monica office and nationwide represent more than 1,000 greater Los Angeles-based startups, established companies and venture capital investors in corporate, IP, litigation, regulatory and tax matters.