BUFFALO, N.Y. — All students in Buffalo Public Schools will stay home and not have class on Monday, the school district announced Sunday evening.
However, district and school-based staff will report to their sites following the news Friday, that the BPS computer system was the victim of a ransomware attack.
"The district will use (Monday) to pressure test system restoration and access as well as communicate any new or required information for students to access virtual learning tools once instruction resumes," BPS said in a statement.
"Principals will be given instructions from IT regarding specifics on how school staff will assist with these recovery efforts."
The school district posted on Twitter Saturday morning that it was working with "technology industry experts and law authorities to resolve the ransomware event."
Superintendent Dr. Kriner Cash told reporters Friday that if the situation is not resolved over the weekend school may be canceled through the week. All remote instruction was also canceled Friday as a result of the ransomware event.
According to Cash, the school district approved a $40,000 emergency contract with Grey Castle for a cybersecurity investigation. The FBI is also assisting the district.
School officials say no demands have been made at this time. However, they say the FBI believes the ransom may be between $100,000 to $300,000 and could be negotiable.
"This could have a significant impact on our operations going forward into next week," Cash said. "We are hoping that we can solve this issue this weekend. We will be bringing the consultant on-site and getting to work right away, but it may take time, and we just don't know until we know exactly the depth and the breadth of the problem."
Daniel Greene is a lawyer who leads the Incident Response team and serves as a Breach Coach at Beckage PLLC. He says when it comes to cybersecurity attacks such as this one, there's no saying how long a resolution might take.
"Speed certainly matters, but you want to be as responsible as possible when trying to understand what happened and how you can prevent it from happening again," Greene says.
As for attacks like these, Greene says, unfortunately over the past year, they have increased largely due to the pandemic.
"Timing couldn't be worse. Coronavirus and the move to distribute work forces have really created a ton of opportunity for the bad guys to exploit more entities, including school districts," Greene said.
In the letter released on Sunday, the district says it will, "implement a longer term comprehensive initiative to enhance IT security and infrastructure going forward."
"There are teams of lawyers and forensic response specialists who knows this space very well," Green emphasizes. "It is essential after a ransomware attack that you call in the right team."
Another thing to consider, Greene says, is that potential victims are typically not singled out. Which means, it's important to be vigilant when it comes to protecting your own information - starting with your email.
"Taking that time to pause and think what's in an email's body, what it's asking you is key," he says.
2 On Your Side will continue to follow this story as new details unfold.
,