The district has worked to determine the depth of the intrusion, which files and online systems were affected, and how best to restore operations.
BUFFALO, NY – It was another long day of collaboration with information technology, cybersecurity advisors, and the FBI for the Buffalo School District as it tried to recover from Friday’s ransomware attack, which shut down its computer systems and came with a payment request. The district’s files appear to have been encrypted, and the hacker wants to be paid to give the district access again.
The attack obviously hits hard, with COVID already forcing distance learning, and it led to the cancellation of all classes, in person and remote, on Friday and Monday. This is particularly disappointing because the district was attempting to resume classes for grades 3, 4, 9, and 11 as phase two of its reopening plan.
Ironically, board member Terrance Heard, chair of the educational support committee, said the panel became aware of some potential cyber threats, including some from suspected child abuse, during the Christmas break and weeks after. According to Heard, on March 10, just days before the attack began, the committee requested a further review of the district’s cybersecurity policies and agreements.
Heard says they worked right.
“I think our cybersecurity, the platforms we use now were top notch – you know what we paid, but somehow something got through,” said Heard.
Holly Hubert is a former FBI Buffalo Office agent who specializes in cybercrime and now runs her own Amherst-based company called GlobalSecurity IQ. According to Hubert, ransomware attacks are nothing new and increased about seven or eight years ago, but they have become even more sophisticated.
“It’s a whole new world now,” said Hubert. “And companies essentially have to spend money that they would not normally spend on safety and prevention measures.”
However, James Page, chief information officer of the New York State School Board Association, points out that “school districts do little for hackers” because they do not have the corporate finance to properly monitor and manage cybersecurity. He believes it is best for them to work with a private computer system surveillance company to detect and possibly prevent such attacks. Some actually run penetration tests to see how secure a system really is.
We should point out that Hubert told us on Monday that she was busy taking calls from other school districts in Western New York that feared they could also be hit by a ransomware attack like Buffalo’s.
Last year we reported that both ECC and Niagara University were exposed to ransomware threats. And one of the most famous incidents of this type happened on the ground in 2017 when the ECMC fell victim. Hubert worked with the FBI on the case and says the hacker or hackers broke into the hospital’s network through a remote desktop system connection when an employee mistakenly opened a fake phishing email attachment.
Hubert realizes that it is not yet clear to what extent the school district is affected, but says, “I think you need to clean all workstations and laptops – anything that was infected you need to do some cleaning and imaging.”
According to reports, ECMC spent millions of dollars tearing down and rebuilding its entire system rather than just paying the ransom to regain access to its vital information.
“You were criticized at the time for taking so long to come back,” said Hubert. “But that was absolutely the right strategy in retrospect, because we now know that other organizations in the US were affected by the same group as ECMC and that there were organizations that paid for the ransomware that did not receive the decryption key.”
Hubert also warns that if the hacker leaves malware or other code in the BPS system that could be reactivated, new attacks could occur. So sometimes a reconstruction is necessary.
Back in the school district, 2 On Your Side asked board member Heard why they had waited until just a few days before an actual attack to recheck their system. He replied, “We were aware of the threats. Technology is always changing and we’ve spent a lot of money in the past since I served on the cybersecurity board for our schools and districts. This has been an ongoing battle for home security. You have to update your security and of course the firewalls. In a district like Buffalo – over 34,000 college students – you see a bigger firewall and a bigger threat for things to sneak into.”
BPS Superintendent Dr. Kriner Cash published a letter Monday evening saying the school could restore “devices, systems and applications” to most buildings. As of Monday afternoon, 54 of 67 locations reported “no interference with the Internet or wireless systems”.
The school district says all district and school employees are expected to report back Tuesday and Wednesday. In the meantime, students stay home on Tuesday and have a full day of distance learning on Wednesday.
According to Cash, a message will be sent from each school to each student’s home on Tuesday telling them when they can sign up for “office hours” so they can learn the new “sign up process” and participate in asynchronous learning.