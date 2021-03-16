The ransomware attack last week on Buffalo Public Schools continues to disrupt an already disrupted school year.
The school district released some details when the incident happened Friday, but since have been tight-lipped about specifics, like how it may have happened or what hackers may have exposed.
Here’s what what we know – and don’t know:
What did the ransomware do?
“It has handicapped us in terms of being able to access our systems,” Myra Burden, the district’s chief technology officer, said during a news conference Friday.
“As a preventive measure, what we have done is disconnect our systems from internet communication and the actions that we’re taking obviously is to try to contain the ransomware attack – stop the spread if you will.”
Was there a ransom demand?
As of Friday, no.
“We have not had a ransom demand at this point and we do not know if it was an individual or an organization or anything like that,” Superintendent Kriner Cash said during Friday's news conference.
When will instruction resume?
Students will have a full day of remote instruction Wednesday.
When will students return to the classroom?
It’s not clear. The district has not indicated what will happen on Thursday or beyond.
More than 6,000 special education students, high school seniors and students in prekindergarten through second grade had been attending school in person at least two days a week prior to the ransomware attack.
The incident temporarily derailed plans to bring back about 5,000 more students to the classroom two days a week this week.
Were any Social Security numbers, grades or other personal information exposed?
We don’t know yet.
“At this point, our lead investigative consultant and the FBI have not determined that there has been an exposure” of personally identifiable information, Cash wrote in a memo Monday.
The investigation will continue for at least two more weeks, Cash wrote.
What safeguards are the district putting in place moving forward?
The district is installing Carbon Black, which is software that helps stop malware from infiltrating a computer system, on all its servers, according to the memo from the chief technology officer.
Was the district unprepared for an attack?
The district has spent resources in cybersecurity training, Burden said. One of the most important things is awareness.
“There’s often phishing scams and other things that are bait, if you will, for end users that create, say, a tunnel or an opening into the district’s network,” she said.
“To protect an organization to 100%, there’s never any guarantee because every day these type of incidents become more and more sophisticated,” Burden said.
How much is this costing the district?
Cash signed a contract with GreyCastle, a cybersecurity firm, for $40,000. There may be other costs associated, but the school district has not commented.
Why is the FBI involved?
The Buffalo Public Schools alerted the FBI on Friday. When a school district is hit by a malware attack, it is their prerogative whether to contact the FBI.
What is the FBI’s role in this?
The FBI’s job is to investigate to try to determine how the ransomware infiltrated the school district’s computer system, and who is responsible for the cyberattack.
The bureau is not involved with the district’s attempts to recover lost data or its efforts to prevent a future attack.