Ransomware attacks targeting US school districts, hospitals

SAN JOSE: The hackers struck over Labour Day weekend, penetrating the computer network of the second-largest US public school system. And though Los Angeles Unified School District quickly caught the breach, it has laboured through the week resetting student and teacher passwords to access lesson plans and assignments.

The district superintendent said the attack had “catastrophic” potential, threatening to expose personal information of 540,000 students and 70,000 staff, disrupt classroom instruction and meal services, and paralyse a bus system that takes 40,000 kids to school. It drew calls from the White House and prompted a sobering FBI warning this week to school administrators around the country:

Cybercriminals are targeting public schools — and holding them for ransom.

The Los Angeles cyberattack has put Bay Area school officials on high alert.

“Everybody’s jaw hit the floor a little bit,” said Robert Sidford, director of technology and innovation at Mt Diablo Unified School District, adding that it wasn’t so much that such an attack happened, but that it penetrated such a high-profile target. “The shock is really more that they managed to get Los Angeles Unified, with 600,000 students.”

At Oakland Unified, the LA cyberattack prompted its information technology team to issue a message to all staff about being careful with emails from unknown senders and those that contain suspicious links. Palo Alto Unified said the attacks were a concern but felt it had adequate security measures in place to help prevent a breach.

Ransomware attacks commandeer an organisation’s computer networks, often through malware disguised as legitimate-looking emails with files or links that unsuspecting employees open and unleash upon the system. The hackers then steal sensitive information — trade secrets, personnel files, financial records and student records — freeze out access to the network and demand payment to restore access and return the files.

The cybercrooks threaten to publicise the stolen data and block access to the network if they aren’t paid, but FBI agents strongly discourage organisations from paying the ransom. Elvis Chan, FBI San Francisco Division Assistant Special Agent in Charge, said in three out of four cases, the hackers don’t restore all access and records and continue to make more payment demands.

“It’s a sucker bet,” Chan said. “Three out of four times they get the key but it won’t decrypt all the data, so maybe you only get 60-70% of your data back. Sometimes they don’t give you the key and move on. Or they may ask you for a second ransom. There’s really no honour among thieves.”

While the investigation continues into who hacked into Los Angeles Unified, the FBI last week said a shadowy extortion outfit known as Vice Society, which first appeared in summer 2021 and is likely based overseas, has targeted public schools with ransomware attacks. Chan said about 30% of Vice Society’s targets are public schools.

“This ransomware syndicate Vice Society seems to for whatever reason enjoy targeting the public education sector,” Chan said. “The education sector needs to specifically pay attention.”

FBI officials say ransomware is a growing problem. According to the FBI’s 2021 Internet Crime Report, US ransomware complaints have risen from 2,047 in 2019 to 2,474 in 2020 and 3,729 in 2021, with losses jumping from US$9mil (RM40.53mil) in 2019 to US$29mil (RM130.60mil) in 2020 and US$49mil (RM220.67mil) in 2021. California led the states in overall Internet crime victim losses, with US$1.2bil (RM5.40bil) in 2021. That includes ransomware, credit card fraud, scams and other crimes.

The report said ransomware tactics and techniques evolved last year and showed “growing technological sophistication and an increased ransomware threat to organisations globally.” The report specifically noted that remote work and online schooling during the pandemic sometimes made computer systems more vulnerable and “left network defenders struggling to keep pace with routine software patching.”

Chan said that there has been growing concern about a particular type of ransomware called Zeppelin that has targeted health care systems and hospitals.

The University of California-San Francisco acknowledged being a victim of such an attack in 2020. UCSF said it “made the difficult decision to pay some portion of the ransom, approximately US$1.14mil (RM5.13mil), to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

Last month FBI officials noted a disturbing new trend in which cybercrime syndicates working with the Zeppelin malware have franchised their operation, often to teenagers who can pay the US$10,000-US$20,000 (RM45,035-RM90,070) franchise fee with a bitcoin or two bought with stolen credit card numbers.

“Not to say that 16-year-olds in a basement wouldn’t target a small business, but we see a trend in the health care industry,” said Joe Oregon, chief of cybersecurity at Cybersecurity and Infrastructure Security Agency Region 9.

Oregon said public schools generally have struggled to keep up with the latest “cyberhygiene” practices, making them attractive targets.

Chan said the schools have been hit with both the Zeppelin and Hello Kitty, or Five Hands, ransomware. The most likely infection route into a network is an email, but the attackers also exploit unpatched system vulnerabilities.

Sidford said extra federal and state funding for schools during the pandemic has helped with cybersecurity. But public schools, particularly in the Bay Area, can’t compete with Silicon Valley’s technology companies for in-house cybersecurity experts. So their technology officials must rely upon law enforcement guidance, vendor support and keeping updated response plans in case they are struck.

“It’s an ongoing effort that requires us to be vigilant all the time,” Sidford said. “Obviously when something like this happens, we talk about it and update our plans. When we send everybody home with a Chromebook, it’s increasingly obvious we need to pay attention to that.” – Bay Area News Group/Tribune News Service
