PORTLAND, Ore. — Students in the Centennial School District are still not able to access online classes after a large cyber-security breach a week ago.
On Monday, students dropped by their schools to pick up paper work packets. Some students picked them up last Friday.
Carol Fenstermacher, with Centennial School District, said the district's computer systems are still shut down after a malware cyber breach.
She said some students who chose hybrid have been able to come back for in-person learning, but those students who are online will learn on their own using the paper packets.
“We also have folks in from companies that are helping our IT folks. But they're slowly trying to bring some of the servers back up and they have to make sure things are cleaned up, that there’s nothing in there that shouldn’t be there. So it’s a long slow process,” said Fenstermacher.
Kerry Tomlinson is a cyber expert and is editor in chief for the Archer News Network, which focuses on news related to the digital world. She's not connected to the incident at the Centennial School District, but spoke generally about her observations.
“There are very few kinds of malware that would affect the district like this, other than ransomware,” Tomlinson said.
She said ransomware involves a cyber-attack where information is scrambled and the attacker wants money to unscramble it. In the pandemic with distance learning, hackers know that computer systems at schools are even more crucial.
“The most common reason that schools are shut down because of a cyber-attack, is ransomware. It is rampant. It is happening all over the world, constantly every month there’s a new set of schools that is having to shut down because of ransomware,” said Tomlinson.
She mentioned a recent ransomware attack on a school district in Florida where, according to the AP, a gang encrypted the school district’s data and demanded $40-million or it would erase the files and post both student and employee personal information online. In that case, the district said it made no payment to the ransomware gang.
Brett Callow is a threat analyst for Emsisoft, a company that produces anti-malware and anti-virus software. Callow said that in roughly 70% of ransomware attacks, data is stolen. In some cases, that data is used to extort payment. Sometimes stolen data can also be sold on the dark web.
"So far this year, there have been 30 successful attacks on the US education sector, disrupting education at 615 individual schools and colleges," said Callow in an e-mail.
Back at the Centennial School District, Fenstermacher said she can't confirm whether or not the malware they're dealing with involves a ransom, but they're working with organizations that will hopefully help with that.
“They haven't really gotten into what everything is, what does it mean, if it is ransomware, what do they want. We're just not there yet,” she said.
Fenstermacher said the district doesn't have any indication right now that any student information has been compromised but isn’t 100% sure, so outside companies are currently working to try to figure that out.
She said it’s bad enough that a cyber breach happen to a school district, but the timing is terrible.
“Layer it over COVID and the hybrid learning situation and it's just really crazy right now,” said Fenstermacher.
“It’s just taking really long because we’ve got to touch every computer and figure out what’s going on and where this is coming from.”
In the meantime, communication has been and continues to be an issue since all staff emails are down indefinitely.
The plan for learning next week is still up in the air. Fenstermacher said the district will have a better idea of what to tell families later this week as the situation continues to develop.
Tomlinson said the big question is whether the district backed up its data. If so, it may be able to restore the systems it had, but it would still take a while.
She said schools all over should be looking at cyber-attacks as a very real threat.
“A recent survey done by IBM shows that still many school district do not think cyber-attacks and ransomware are a big deal,” said Tomlinson who wrote a news article about the issue three years ago.
“It is a problem. It is a big problem.”
She said in addition to other school districts taking note of ransomware and other malware attacks, this is an opportunity for parents and community members to take stock of their own passwords and data, and recognize there may be room for improvement to protect sensitive information.