Last week, the Los Angeles Unified School District announced that it was hit by a devastating ransomware attack. LAUSD\u2014the second-largest school district in the country, with more than 1,000 schools and 640,000 students\u2014suffered the disruption just two weeks after the start of the fall semester.<\/p>\n
Instead of getting in the groove of homework, sports, and extracurricular activities, upon returning from the Labor Day holiday, LAUSD required all district employees (teachers, support staff, and administrators) and elementary, middle, and high school students to reset their email account passwords in person at a secure district site.<\/p>\n
A Russian hacking group, Vice Society, later revealed that it was responsible for the hack, claiming it had captured 500 GB of data. That followed a joint advisory warning from the FBI (Federal Bureau of Investigation), CISA (Cybersecurity and Infrastructure Security Agency), and MS-ISAC (Multi-State Information Sharing and Analysis Center)\u2014fortuitously released the day LAUSD announced its ransomware attack\u2014that accused Vice Society of specifically targeting the education industry in the United States.<\/p>\n
How Does a Ransomware Attack Affect a School District?<\/strong><\/p>\n First and foremost, the LAUSD attack has dealt a major reputational blow to the school district, which serves all of Los Angeles, 31 smaller municipalities, and some unincorporated parts of Los Angeles County. Press accounts revealed that the district LAUSD was targeted in 2021 by Trickbot, a strand of malware that attempts to cull financial information from infected machines\u2014and typically serves as a test run for hackers considering a full ransomware attack.<\/p>\n In public comments, the district was vague about the impacts of the ransomware attack. But early signs indicate that LASUD students and teachers lost access to email inboxes, Google Drive accounts, and Schoology, a popular learning management system that the district uses. It\u2019s safe to say that would throw a wrench in day-to-day school operations.<\/p>\n In addition, the district had to scramble to respond with enhanced cybersecurity measures, surely incurring steep costs and stress on IT staff. LAUSD completely deactivated all login credentials to protect network integrity. The district also expedited the district-wide rollout of multi-factor authentication (MFA) to add an extra level of protection to newly reset login credentials.<\/p>\n Can Ransomware Be Stopped?<\/strong><\/p>\n It\u2019s easy to feel overwhelmed by the frequency of these attacks\u2014in fact, cybersecurity experts estimate that more than 50 educational districts in North America have been struck by ransomware in 2022 alone. Yes, it\u2019s incredibly easy for ransomware to negatively impact a business or organization. All it takes is one click on one malicious link or one download of an illicit file for ransomware to take over IT systems. But advanced planning, increased education, and smart digital hygiene can protect your company and its staff.<\/p>\n Here are five solutions that CMIT Solutions recommends:<\/p>\n 1. Make sure your data is backed up regularly, reliably, and remotely.<\/strong>\u00a0The LAUSD ransomware attack hit a school district so big and dispersed that no single data backup could have saved it. But the lack of easily accessible data backups is often a factor that convinces some businesses to risk paying money to hackers in hopes of retrieving their data. With regularly executed, redundantly stored data backups in place, however, recovery can be fast and relatively easy. A trusted IT provider can help you erase the ransomware from infected machines, reset affected systems, retrieve data from its latest backup point, and reinstall everything you thought you had lost.<\/p>\n 2. Implement (and test) a plan to recover that data.<\/strong>\u00a0Many companies think that data backup is enough to survive a natural or manmade disaster. But data recovery and business continuity plans are just as important, laying out the steps necessary to retrieve saved information after an emergency like a ransomware attack. Reviewing and testing those steps is critical, too, making it possible for an affected company to avert a disaster and bounce back quickly from a ransomware infection. Without this kind of plan in place, it\u2019s easy to succumb to crisis mode rather than knowing how to calmly respond.<\/p>\n 3. Provide training and education to save your data (and save the day).<\/strong>\u00a0Empowered with the right kind of information, your employees can serve as the first line of cybersecurity defense. Training simulations can help everyday computer users learn how to identify a scam email, report a phishing attempt, or spot a malicious web ad before falling victim to it. Practical and pragmatic ransomware training can also teach employees what steps to take when a suspected infection pops up.<\/p>\n 4. Strengthen login credentials to keep unauthorized users out of your systems.<\/strong>\u00a0LAUSD had the right idea with their deployment of multi-factor authentication (MFA), which requires a user to enter both their password and a unique code typically delivered via text message, app notification, or email. The only problem is that the MFA rollout arrived too late to stop last week\u2019s ransomware attack.<\/p>\n 5. Work with a trusted IT provider to enhance protection.<\/strong>\u00a0It\u2019s hard to overstate the importance of this kind of relationship. A reliable technology partner like CMIT Solutions will help you assess systems and identify any vulnerabilities that could lead to a cyberattack. An industry leader in the IT space will know how to anticipate new strains of ransomware. An experienced managed service provider will understand the need for a multi-layered approach that includes Internet traffic analysis, endpoint encryption, proactive monitoring, and threat detection. Most importantly, a fellow business owner in your local community will understand the need to solve short-term problems and plan for long-term success.<\/p>\n At CMIT Solutions, we respond regularly to evolving digital threats like ransomware and computer viruses. We\u2019ve worked with thousands of businesses and organizations around North America to protect the devices used by employees in every industry. We work hard to protect data, secure networks, and respond to cybersecurity threats before they negatively impact day-to-day operations.<\/p>\n