Graphic by Quinn Kessel
District falls victim to ransomware attack
September 30, 2018
In late July of this year, the school system fell victim to an attack called ransomware. Ransomware is a type of computer malware that steals information and documents from computers and holds them for a ransom.
According to Board of Education chair Chris Drake, the perpetrators, who were likely foreign, demanded a ransom of around 30,000 USD. Prior to the attack, the school system had two types of antivirus software installed. Many computers had standard systems in place such as McAfee or Symantec, while others were equipped with more advanced types of anti-malware. Reportedly, computers that had this stronger firewall installed were protected from the ransomware attack, while the malware was able to get past the simpler systems.
The attackers encrypted much of the school system’s data. “They encrypted the data on almost all of our systems … [including] PowerSchool … and the accounting system, which includes payroll and all of the budget information,” said Chris Drake. The two choices were to either pay the ransom and get the data back without any lost time, or to keep the data inaccessible and useless.
The school system initially offered to pay the ransom, but the perpetrators did not respond. According to a hired consultant, this may have meant that their accounts were shut down by the FBI or a similar organization.
This situation left only one option: to lose the encrypted data from the computers and reimage the software. Luckily, the school system’s data gets backed up daily. This meant that no data was completely lost and that it could be retrieved in a matter of time. The insurance provider for the school system hired a private consultant to deal with the situation and work out a solution. As a result, the school system only ended up paying a deductible of $5,000. PowerSchool was reportedly up and running again within a day. However, the other stolen data took much longer to recover.
Because of the amount of time it took for the data to be retrieved, many people working at the schools in early summer were unable to access the schools’ computers. Principal Colleen Weiner said, “Everybody that was working lost those couple of weeks, so it made everything more hectic as school started. People that worked over the summer totally couldn’t do anything. Not PowerSchool, not email, nothing.”
Though the attack affected the teachers and other staff members over the summer, there does not seem to be any lasting impact on the district as a whole. When asked if he knew of any impacts or issues with regard to the ransomware attacks over the summer, head guidance counselor Ralph D’Amato said he had no knowledge of the situation. In addition, the student body has seen no difference in the data that they can access. Chris Drake said, “I’m not aware of any long-term repercussions. The consultants confirmed that there was no data loss. So, there weren’t any student records that went missing.”
At the beginning of the school year, the district experienced issues with PowerSchool that affected scheduling and delayed students from receiving their information. It is unlikely that this had anything to do with the ransomware attack. By this time, all of the school’s data had been retrieved and restored to the computers.
As a result of this situation, the schools are now better protected from viruses than they were before. Because the computers with the more advanced firewalls did not get infected, the IT department has invested in this type of protection district-wide. But like any virus, this immunity does not last forever, and someday soon the software will need to be updated again.
These types of ransomware attacks are becoming more and more common with the rise in popularity of Bitcoin and other cryptocurrencies. Attacks similar to the one against the school system have been carried out elsewhere in the central Connecticut area. In March of 2018, Portland Public Schools was attacked twice. In the same month, the Connecticut Court Systems were also attacked by a comparable virus. Many viruses have caused extreme financial loss. A notable ransomware attack was the WannaCry attack in 2017. This attack caused data damages that amounted to around 4 billion USD.
These attacks are not pretty, but in the end, the school system took the right steps to ensure that the least possible amount of damage was done and no data was lost.