Ransomware Attack Freezes LAUSD Online Systems — But Schools Will Still Open Tuesday

An “external cyber attack” took down many of Los Angeles Unified School District’s online systems over the weekend, leaving a wide variety of applications — from email to the Google Classroom suite — inaccessible to most teachers and threatening to create a rocky return to campus after the holiday break.

“Despite this significant disruption to our system’s infrastructure, schools will open on Tuesday, September 6 as scheduled,” LAUSD officials said late Monday in a statement confirming the attack.

LAUSD’s statement labeled the disruption as a ransomware attack — a “likely criminal” act, the district said. The incident was serious enough that the White House got involved, bringing in officials from the FBI and the federal departments of Homeland Security and Education to assist with a local law enforcement response. The district’s statement was vetted “by a number of entities and agencies.”

Ransomware attacks can render entire computer systems unusable. Untangling the effects of the attacks — which are often launched by hackers who demand ransom fees in exchange for restoring access — cost 954 schools and colleges more than $3 billion “in downtime alone” last year, according to a report by the firm Comparitech.

School Is On. Here’s What Parents Need To Know.

LAUSD officials said late Monday that they “do not expect major technical issues that will prevent Los Angeles Unified from providing instruction and transportation, food or Beyond the Bell [after school] services” this week. Other services, however, "may be delayed or modified." According to the district’s statement:

• Extra information technology staff will be deployed to “all sites” to help with technical issues
• Teachers will take attendance in an “adaptive” manner (which you'd have to imagine means: the old-fashioned way, with paper and pencil).
• Cafeterias will still serve food.
• The payroll department will continue to process paychecks.
• LAUSD’s Daily Pass application is still available for reporting COVID-19 cases (this is a system infamous for overloading and crashing at key junctures of the school year).

"While the investigation continues, Los Angeles Unified has swiftly implemented a response protocol to mitigate districtwide disruptions," the statement said.

There are signs, however, that the district’s systems are not all restored.

As of late Monday, some teachers told KPCC/LAist their access to email was limited. So was access to LAUSD's custom-built student data system, MiSiS, which teachers use to take attendance, the teachers said.

Other applications — like the Schoology classroom management platform — were hampered by problems with the interconnected Google suite, one teacher reported.

The district urged parents to contact LAUSD by phone with any “questions or support needs” at 213-443-1300.

As of early Tuesday morning, a message was popping up on the district website:

The Response To This Attack Could Take Time

As LAUSD officials looked to reassure parents that schools would continue to operate Tuesday, it was also clear from the district’s statement that the response to the attack — if only to figure out how to prevent a future malware incident from occurring — will take months.

LAUSD’s statement included the following actions it said it was taking immediately or "as soon as feasible":

• Charging an independent IT task force with delivering “a set of recommendations within 90 days”
• Directing a “technology advisor” to conduct an overall review of data center operations
• Tasking an "advisory council" with advising on best practices and systems
• Deploying an “expert team” to assess and "support the implementation of immediate solutions"
• A “full scale reorganization of departments and systems to build coherence and bolster district data safeguards”
• Appropriating “any necessary funding” needed to beef up the district’s IT infrastructure