It’s been a week since the Flagstaff Unified School District was forced to cancel classes due to the discovery of ransomware on some school computers. Ransomware is malicious software that locks up a computer and its data unless a ransom is paid. KNAU’s Zac Ziegler reports:
Just before 10:00 last Wednesday morning, a call came in to Flagstaff Unified’s IT department about a few computers that were acting oddly.
Zachery Fountain is FUSD’s Director of Communications. He says it was a ransomware attack.
“We started identifying the areas where the ransomware was at and started systematically taking those systems offline.”
Within a few hours, FUSD decided the best move would be to disconnect all district computers from the internet and shared servers.
“We didn’t have the confidence in terms of holding school the next day.”
Bertrand Cambou is a professor of cyber security at Northern Arizona University.
He says it’s not surprising the district had to close because modern buildings typically rely on computers to operate.
“Any type of service that is centralized is going to be potentially subject to the attack.”
That can mean a shutdown of everything from door locks to fire alarms to access to student information.
And then of course there’s the money demanded by the hacker.
FBI data show that in the nearly 1,500 attacks reported last year, Americans paid $3.5 million to ransomers.
“The hackers used to be individuals. Now they’re institutions with tens of thousands of people sometimes funded by foreign entities.”
Zachery Fountain says for FUSD, the attack meant having to reformat hundreds of computers and back up what data they could to new external memory.
“I think we cleaned out all of Northern Arizona of hard drives.”
Fountain says the community stepped up as well during the two days that some 10,000 students were out of class.
“NAU, Yavapai and CCC sent their top IT professionals in to help. We had local grocers like Sprouts who just decided to drop off food because they knew there were people working through the day. And on top of that we had folks showing up and saying, ‘hey, what can I do?’”
The district isn’t able to give too many details at this point because the incident is being investigated by the FBI.
Unanswered questions include who the attackers were, whether the ransomware deployed, and which district computers were infected.
Fountain says it could have been much worse than shutting down for two days.
The district did not pay any ransom, and cyber security insurance should cover the cost of any fixes.