Ransomware infected Monroe school district’s computer systems, administrator says

BY Christopher Lang, Correspondent, @topherlang2, MonroeNow, Aug 30, 2019

MONROE – The school district is recovering from a malware attack that happened earlier this summer, the administrator said in August.

District Administrator Michael Gorski provided some details about the incident, which was a ransomware attack, for the first time at the Aug. 21 Board of Education meeting.

“The district had identified a ransomware attack that impacted the availability of some of our school systems,” Gorski said. “We have been working diligently to secure our systems and bring them back online. … At this time, we have not found any evidence to suggest that information was taken by the attacker from our school systems.”

Ransomware is a type of malware. It threatens to publish its target data and block access until it is paid. In essence, ransomware is a digital form of extortion. It can enter a computer or network from a Trojan via email attachment or link and once clicked on is activated.

Recently there have been high-profile public entities hit by ransomware. After a ransomware attack on Baltimore in May, city leaders said it would cost more than $10 million to fix the problem. The city is also considering a $20 million insurance plan for future attacks. The city did not pay the ransomware demand.

The website Arstechnica reported that ransomware attackers are also going after school districts. It listed 13 recent attacks, including education operations, with one happening in Hoboken.

Gorski said that all “critical systems” are restored and “we expect all systems for the rest of it to be ready by the start of school.”

As a result, the district is working with a firm that specializes in dealing with malware restoration and prevention and a law firm that deals with privacy.

“That’s an important component because we wanted to make sure that the privacy attorney, the technological firm that’s going to help with the restoration and fortification, the work from our technology director, [Superintendent Dori] Alvich and I were all coordinated in the fashion so that an investigation was performed,” he said. The township police and FBI were also contacted.

Some employees’ accounts “may have been involved,” and those individuals were instructed to change their passwords and will recommend “the same for students when they come back [to school],” he said.

In response to a question from Trustee Michele Arminio, Gorski said he would provide a more formal report, which would include cost impact and the firms used.

“Certainly I have no objection to that,” he said. “But I can report now that both our experts … determined that our prevention methods and our safeguards and firewalls were more than adequate at the time of the attack.”

He added: “Our systems are safe. You can log on now. We will have more information to provide to staff upon the return to school, but we have recovered for the most part from the sense of it.”