As LA Unified Battles Ransomware, CISA Warns About Back-to-School Attacks

As the school year kicks off across the country, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to districts that threat actor group Vice Society is targeting their systems.

The notice comes just hours after the Los Angeles Unified School District confirmed it was the target of a successful ransomware attack over the weekend. The K-12 school district, the second-largest in the US, has not yet recovered its systems fully, with its main student portal login page out of service, according to local parents speaking to Dark Reading. A district voicemail instructed parents to reset their students' passwords in person or via calling a telephone line, which was seeing hold times of greater than half an hour this morning, parents reported.

"Since the identification of the incident, which is likely criminal in nature, we continue to assess the situation with law enforcement agencies," the LAUSD said in a statement.

CISA explained school districts are attractive targets for ransomware operators because of their vast troves of personal student data stored in their systems.

The advisory added that Vice Society activity can be traced back to summer 2021, and that the group uses a variety of ransomware variants including Hello Kitty/Five Hands, Zeppelin, and others.