Over 540,000 Los Angeles Unified School District students and at least 70,000 employees were the target of a massive ransomware attack over Labor Day weekend, the latest in a string of troubling and dangerous hacks to hit American public school districts. Although authorities have not identified the culprit, anonymous sources told the Associated Press on Wednesday that foreign actors were likely responsible, and pointed towards recent, similar work from the Russian hacking syndicate, Vice Society.

Ransomware attacks are pretty much what the name implies—targets’ data is hacked and subsequently encrypted, then held for a ransom. Orchestrators then usually threaten to leak or sell the sensitive information if victims do not pay. Luckily, the district’s superintendent reported no demand was immediately made over the weekend, and schools were able to reopen on Tuesday with no interruption to scheduling. That said, security experts warn the schools may not be out of the woods for some time, if ever.

Earlier this year, a ransomware campaign caused Albuquerque’s largest school district to close for two days. A 2019 attack in Baltimore’s systems cost the city an estimated $18 million to solve. Public school systems are an increasingly attractive target for hacking in recent years, given their often extremely limited cybersecurity budgets and expertise. This has only compounded since the COVID-19 pandemic’s onset, as education across the country relied heavily on virtual learning.

[Related: How a ransomware attack shut down a major US fuel pipeline.]

Another attractive avenue for malicious agents has been the nation’s infrastructure, such as as last year’s Colonial Pipeline ransomware attack. The attack disrupted fuel production and transport across the country. Although these systems often have more robust defenses, they still are regularly not up to par with what dedicated hackers are capable of accomplishing. “You can often discover that very complex, modern technology infrastructures are built on top of these dependencies that are pretty old and rickety,” Shuman Ghosemajumder, the former global head of artificial intelligence at the F5 cybersecurity company, told PopSci at the time.

What makes these kinds of attacks even more difficult to address is the frequent lack of accountability. Not only are syndicates like Vice Society often located in less-than-sympathetic nations, but they also frequently dissolve shortly after a handful of campaigns, only to reform and reorganize under different names and associations.