The Flagstaff (Arizona) United School District has become the latest victim in a run of ransomware attacks targeting state and local government organizations across the U.S.
The attack, which was discovered Sept. 4, forced the school district to close all schools Sept. 5 and 6. After staff worked through the weekend, schools were able to reopen on Sept. 9.
Like many other recent state and local government victims of ransomware attacks, the district has refused to pay ransom to its attacker. While the district hasn’t said how much the cybercriminals asked for, they did note that a pop-up message on infected computers had “untraceable contact information to encourage negotiation.”
According to ABC15 Arizona, the school district cut off access to the internet and hundreds of teachers and district employees turned in their Windows devices so the district could scan them for contamination and install new malware protection.
“If we don’t do this, we’re at risk of re-infestation because there could be a contaminated machine that, when they turn the system back on, could cause us to lose all the work that we’ve done in the last couple of days,” Superintendent Mike Penca told ABC15.
Penca further said that the incident response effort is all-encompassing, with staff checking the systems which control school doors, the bell system, transportation services, food services, and air quality controls.
“We know how disruptive this is to our families. Canceling school is one of the most difficult decisions I make as a superintendent and it’s not one I take lightly,” Penca told local news outlets. “We just need to know, when we have kids back, that our school environment is safe and that we can operate as normal.”
Throughout the recovery effort, the school district has had help from the Computer Community College’s IT staff.
“We’re a small community and they are very close to us so we want to help them out. They’d do the same for us,” said Brian Wilson, the college’s director of IT services.
This attack notwithstanding, the school district has been making efforts to improve its cybersecurity posture. In May of this year, the district board approved a $1.8 million five-year contract for security software. The software that was installed on staff devices over the weekend is part of the district’s cybersecurity plan that is already underway. Penca said that the recent cybersecurity incident “just speeds up the timeline.”