The Los Angeles Unified School District (LAUSD) has confirmed that a criminal hacking group was able to access their systems and steal data. The attackers demanded that the school district pay an undisclosed amount to prevent the release of the stolen data to the public. However, the district refused the ransom demands, stating that “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”

In a tweet Sunday, LAUSD confirmed that the data was published by the hacking group. They also announced that an incident response hotline would be available to assist those who have questions or need support. News outlets report that the leaked data includes “confidential psychological assessments of students, contract and legal documents, business records, and numerous database entries.”

Last August, we published a blog post detailing that the education sector was one of the biggest targets for ransomware attacks. A little over a year later, it appears that statistic has not changed. AllSafe IT’s takeaway from this incident is to remember that oftentimes, it’s WHEN not IF an organization will be hit with ransomware. While it’s important to take steps to prevent an attack, organizations should also assume they will eventually be hit and have a response plan in place.

What can Education Organizations do to prevent or mitigate an attack?

AllSafe IT recommends the following best practices:

• Deploy a multi-layered stack of security solutions like AllSafe IT’s Safe Total, which includes endpoint protection, advanced email security, multi-factor authentication, security awareness training and compromised credential monitoring.
• Implement Backup and Disaster Recovery (BDR). Restoring from backup is the easiest, cheapest and most reliable way to restore data after an attack.
• Assume you will be hit. We only hear about huge corporations in the headlines, but organizations of all sizes are targeted. Do everything you can to avoid an attack, but also be prepared for the worst.
• Have a malware recovery plan. Speaking of preparing for the worst, make sure you have an incident response plan in place. This will enable your IT team to quickly mobilize when a ransomware attack starts and may even be able to stop an attack before data can be encrypted.
• Don’t pay the ransom. Organizations that pay ransom only have an 11% chance of getting all their data back. This is a very poor return on investment indeed

AllSafe IT is proud to have spent over 15 years providing IT services to hundreds of companies—many of those within the education sector. Our specialized services are uniquely tailored to provide our customers with the reliability, protection, and fast services needed to ensure 100% uptime and maximized data security. From comprehensive and preventative cybersecurity strategies to 24/7 customer support, AllSafe IT understands the unique needs of educators.