A Los Angeles Unified School District (LAUSD) computer lesson is seen on a student's computer, in Los Angeles
A Los Angeles Unified School District (LAUSD) computer lesson is seen on a student's computer, during the global outbreak of the coronavirus disease (COVID-19), in Los Angeles, California, U.S., August 18, 2020.

The Los Angeles Unified School District, the second-largest collection of public schools in the United States, said it was targeted by a ransomware attack over the Labor Day weekend that caused "significant disruption" but did not lead to cancellation of classes.

"Los Angeles Unified detected unusual activity in its Information Technology systems over the weekend, which after an initial review, can be confirmed as an external cyber attack on our Information Technology assets," the district said in a statement on Tuesday, adding it reported the attack to law enforcement agencies.

"It does appear at this point that this incident originated beyond our borders," Alberto Carvalho, the superintendent of the school district, said, though he did not name any foreign actor or country.

Schools remained open on Tuesday but the district statement said business operations might be delayed or modified.

It added that the attack was likely criminal in nature and it had implemented a response protocol "to mitigate Districtwide disruptions, including access to email, computer systems and applications."

The statement did not specify what information, if any, was breached. It said that employee healthcare and payroll information and the safety and emergency mechanisms in schools had not been affected by the attack.

The White House said it had spoken with the district about the attack.

Separately, U.S. government agencies issued a public advisory on Tuesday saying a ransomware gang known as Vice Society, which emerged last year, had been "disproportionately targeting" the education sector with ransomware attacks.

The agencies anticipated attacks might increase as the 2022-23 school year began and ransomware groups perceived opportunities for successful attacks, the advisory said.

A Department of Justice official said last year the U.S. was elevating investigations of ransomware attacks to a similar priority as terrorism.

Ransom software works by encrypting victims' data. Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars.