Last week, the Los Angeles Unified School District announced that it was hit by a devastating ransomware attack. LAUSD — the second-largest school district in the country, with more than 1,000 schools and 640,000 students — suffered the disruption just two weeks after the start of the fall semester.
Instead of getting into the groove of homework, sports, and extracurricular activities after returning from the Labor Day holiday, all district employees (teachers, support staff, and administrators) and elementary, middle, and high school students were required by LAUSD to reset their email account passwords in person at a secure district site.
A Russian hacking group, Vice Society, later revealed that it was responsible for the hack, claiming it had captured 500 GB of data. That followed a joint advisory warning from the FBI (Federal Bureau of Investigation), CISA (Cybersecurity and Infrastructure Security Agency), and MS-ISAC (Multi-State Information Sharing and Analysis Center) — fortuitously released the day LAUSD announced its ransomware attack — that accused Vice Society of specifically targeting the education industry in the United States.
How does a ransomware attack affect a school district?
First and foremost, the LAUSD attack has dealt a major reputational blow to the school district, which serves all of Los Angeles, 31 smaller municipalities, and some unincorporated parts of Los Angeles County. Press accounts revealed that LAUSD was targeted in 2021 by Trickbot, a strain of malware that attempts to cull financial information from infected machines — and typically serves as a test run for hackers considering a full ransomware attack.
In public comments, the district was vague about the impacts of the ransomware attack. But early signs indicate that LAUSD students and teachers lost access to email inboxes, Google Drive accounts, and Schoology, a popular learning management system that the district uses. It’s safe to say that would throw a wrench in day-to-day school operations.
In addition, the district had to scramble to respond with enhanced cybersecurity measures, surely incurring steep costs and stress on IT staff. LAUSD completely deactivated all login credentials to protect network integrity. The district also expedited the district-wide rollout of multi-factor authentication (MFA) to add an extra level of protection to newly reset login credentials.
Can ransomware be stopped?
It’s easy to feel overwhelmed by the frequency of these attacks — in fact, cybersecurity experts estimate that more than 50 educational districts in North America have been struck by ransomware in 2022 alone. Yes, it’s incredibly easy for ransomware to negatively impact a business or organization. All it takes is one click on one malicious link or one download of an illicit file for ransomware to take over IT systems. But advance planning, increased education, and smart digital hygiene can protect your company and its staff.
Here are five solutions that CMIT Solutions recommends:
1. Make sure your data is backed up regularly, reliably, and remotely — The LAUSD ransomware attack hit a school district so big and dispersed that no single data backup could have saved it. But the lack of easily accessible data backups is often a factor that convinces some businesses to risk paying money to hackers in hopes of retrieving their data. With regularly executed, redundantly stored data backups in place, however, recovery can be fast and relatively easy. A trusted IT provider can help you erase the ransomware from infected machines, reset affected systems, retrieve data from its latest backup point, and reinstall everything you thought you had lost.
2. Implement (and test) a plan to recover that data — Many companies think that data backup is enough to survive a natural or manmade disaster. But data recovery and business continuity plans are just as important, laying out the steps necessary to retrieve saved information after an emergency like a ransomware attack. Reviewing and testing those steps is critical, too, making it possible for an affected company to avert a disaster and bounce back quickly from a ransomware infection. Without this kind of plan in place, it’s easy to succumb to crisis mode rather than knowing how to calmly respond.
3. Provide training and education to save your data (and save the day) — Empowered with the right kind of information, your employees can serve as the first line of cybersecurity defense. Training simulations can help everyday computer users learn how to identify a scam email, report a phishing attempt, or spot a malicious web ad before falling victim to it. Practical and pragmatic ransomware training can also teach employees what steps to take when a suspected infection pops up.
4. Strengthen login credentials to keep unauthorized users out of your systems — LAUSD had the right idea with their deployment of multi-factor authentication (MFA), which requires a user to enter both their password and a unique code typically delivered via text message, app notification, or email. The only problem is that the MFA rollout arrived too late to stop last week’s ransomware attack.
5. Work with a trusted IT provider to enhance protection — It’s hard to overstate the importance of this kind of relationship. A reliable technology partner like CMIT Solutions will help you assess systems and identify any vulnerabilities that could lead to a cyberattack. An industry leader in the IT space will know how to anticipate new strains of ransomware. An experienced managed service provider will understand the need for a multi-layered approach that includes Internet traffic analysis, endpoint encryption, proactive monitoring, and threat detection. Most importantly, a fellow business owner in your local community will understand the need to solve short-term problems and plan for long-term success.
At CMIT Solutions, we respond regularly to evolving digital threats like ransomware and computer viruses. We’ve worked with thousands of businesses and organizations around North America to protect the devices used by employees in every industry. We work hard to protect data, secure networks, and respond to cybersecurity threats before they negatively impact day-to-day operations.
We’ve spent 25 years working with school districts, small businesses, and companies of every size in between to prevent ransomware attacks. Contact CMIT Solutions today to protect your business, your data, and your employees.