“This means that there will be no computer or network access available until further notice.”
Corry Area School District in northwestern Pennsylvania had to make the same decision, as “the district IT staff along with the local police and an outside agency investigated the issue and concluded that the data is not restorable from the servers,” according to emails obtained by Motherboard. “This means that there will be no computer or network access available until further notice.”The aftermath of the hack at Sierra College was chaotic. “I’m doing a presentation on the Chancellor’s Office webinar this morning. Hopefully it doesn’t pop up on my screen! Lol,” Willy Duncan, the president of Sierra College, wrote to Benton on the day of the hack, referring to the ransomware request screen. “Scary stuff, it’s been happening so often lately across so many businesses.”Two days later, a student emailed Benton asking for help after their computer started “acting funny” and they couldn’t log into his college account.
Are you part of a ransomware group? Or do you track ransomware hackers and their activities? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email email@example.com
Benton emailed a colleague asking her to follow up with the student and “confirm the current cybersecurity issue we are experiencing is not transmitted to other computers unless they are District computers on our network and on campus.”“The last thing we need is people to start blaming their personal PC issues on our cyber attack,” Benton wrote. A couple of weeks after the attack, John Deaderick, a professor, emailed Benton saying he was able to update his password without having to use two-factor authentication. “I’m interested in understanding how you were able to reset your password without having a device available to get the pin # required to reset your password,” Benton responded.“Thank you Tom. If I could remember how I reset my password, I’d tell you,” Deaderick said. “Lol! Fair enough,” Benton quipped back. Ironically, the hack on Sierra College happened just a couple of weeks after Benton emailed a listserv of chief information security officers working in the education sector, asking if anyone had recommendations for mandatory cybersecurity courses for staffers. How the Cloud Can Stop RansomwareThe ransomware attacks did not impact all schools the same way. For example, when hackers infected the systems of Victor Central School District in New York, they did force the school to close, but several of the school’s systems were not impacted because they were hosted on cloud-based systems, and other systems were backed up and so relatively easy to restore, according to internal emails.
“If I could remember how I reset my password, I’d tell you.”
These denials leave a gap in transparency and the public’s understanding of the way schools have had to deal with ransomware attacks.Adam Marshall, the senior staff attorney at the Reporters Committee for Freedom of the Press, and an expert in FOIA requests, said that this is a common practice that can be legitimate, but it has also been abused so that government entities “can later argue that those communications are privileged.”
“The public should be able to know what is happening in these schools and how it's affecting them.”