BUFFALO, N.Y. — For the Buffalo School District, it's been another long day of working with Information Technology, cybersecurity consultants, and the FBI as they try to recover from Friday's ransomware attack, which took down their computer systems with a demand for payment. Their files were apparently encrypted and the hacker wants to be paid to give the district access once again.
The district has been working to determine the depth of the intrusion, which files and online systems were affected, and how best to restore operations.
It obviously hits hard with the COVID caused remote learning and the cancellation of all classes in person and remote on Friday and Monday. That's especially disappointing as the district was trying to resume classes for grades 3,4, 9, and 11 as phase two of its reopening plan.
Ironically, board member Terrance Heard who chairs the board's Educational Support Committee says that panel became aware of some potential cyber threats including some from suspected child abusers over the Christmas break and weeks after that. Heard says on March 10, just days before this attack began, that committee called for another review of the district's cybersecurity policies and arrangements.
Heard says they they were working properly.
"I believe our cybersecurity, our platforms that we use now were top notch - you know top class in what we paid for but somehow something got through," Heard said.
Holly Hubert is a former FBI Buffalo Office agent who specialized in cybercrimes and now runs her own Amherst-based firm called GlobalSecurity IQ. Hubert says ransomware attacks are nothing new and began to intensify about seven or eight years ago, but they have become even more sophisticated.
"It's a whole new world now," Hubert said. "And companies essentially have to spend money that they wouldn't normally spend in measures of security and measures of prevention."
As New York State School Board Association Chief Information Officer James Page points out though, "school districts are low hanging fruit for hackers," because they don't have the funding of the corporate world to adequately monitor and handle cybersecurity. He feels it is best for them to partner with a private computer systems monitoring firm to detect and possibly prevent such attacks. Some actually conduct penetration tests to see how secure a system really is.
We should point out that Hubert told us Monday she was busy fielding calls from other school districts around Western New York who fear they could also be hit with a ransomware attack like Buffalo.
Last year we reported on both ECC and Niagara University facing ransomware threats. And one of the most publicized such incidents locally occurred in 2017 when ECMC was victimized. Hubert worked on that case with the FBI and says the hacker or hackers penetrated the hospital's network through a remote desktop system connection as an employee mistakenly opened a bogus phishing email attachment.
Hubert realizes it's not yet clear to what extent the school district was hit but says, "I think they will have to clean all the workstations and laptops - anything that was infected they'll have to do some measures of cleaning, reimaging."
ECMC reportedly spent millions of dollars to basically tear down and rebuild their complete system rather than just pay ransom to regain access to their vital information.
"They were criticized back then for taking such a long time to come back," Hubert said. "But that was absolutely in hindsight the right strategy because we know now that other organizations in the US were affected by that very same group as ECMC and there were organizations that paid the ransomware that didn't get the decryption code."
Hubert also warns that there could be re-attacks if the hacker left any malware or other code in the BPS system that could be reactivated. That is again why reconstruction is sometimes necessary.
Back to the school district, 2 On Your Side did ask board member Heard why they waited until very recently to review their system again just days before an actual attack. He responded, "We were aware of the threats. Technology changes all the time and we spent a lot of money in the past since I've been on the board on cybersecurity for our schools and district. This has been a constant battle. Like home security. You have to update your security and of course firewalls. With a district like Buffalo - over 34,000 students - you're looking at a larger firewall and a larger threat that things could sneak in."
BPS Superintendent Dr. Kriner Cash released a letter Monday evening saying the school was able to restore the "functionality of equipment, systems and applications" in a majority of buildings. As of Monday afternoon, 54 of 67 locations reported "no disruption to internet and wireless systems."
The school district says all district and school based staff are expected to report Tuesday and Wednesday. Meanwhile, students will remain home on Tuesday and will have a full day of remote instruction on Wednesday.
According to Cash, a message will be sent from every school to the homes of each student on Tuesday about when they can log on for "office hours" so they can learn the new "log on process and participate in asynchronous learning."