Cooperative support services and cloud backups helped the district recover from a ransomware attack on Friday, which didn’t affect student information or grades but targeted servers. The FBI is still investigating.
(TNS) — When Victor School District was hit by a ransomware attack in January, classes were canceled for a day. Learning resumed remotely for the district's 4,300 students the next day. And by early the following week, hybrid students were back in their classrooms.
"We didn't pay the ransom," said Tim Terranova, Victor's superintendent.
Victor's experience may hold some lessons for administrators of the Buffalo Public Schools — which were hit by ransomware Friday — and the district's 31,000 students. After canceling classes on Monday because of the cyberattack, Buffalo Public Schools said it would take steps to have students log on and resume some learning Tuesday, with staff in the buildings and children at home. Wednesday, there will be a full day of remote instruction.
The district said it had restored the functionality of equipment, systems and applications in the majority of the district's buildings over the weekend and on Monday. It said 54 of 67 locations reported no disruption to Internet and wireless systems as of Monday afternoon.
But the district said it expected to continue to work with a consultant and the FBI around the clock for at least two more weeks as it investigates the cybersecurity attack. It said it had not determined that any personal information had been exposed.
Classes had been canceled Friday, but not until after thousands of students were already in their classrooms. The district used its first snow day of the year to cancel instruction for all students Monday.
Students were advised in an email Monday that login procedures had changed for accessing Microsoft 365, Teams and Clever, an online portal.
In Victor, the schools were fortunate in that no personal staff or student information had been affected by the cyberattack, nor were grades, Terranova said. The servers on the school's campus had been hit with ransomware, however.
"We cleaned up all the servers and built them back up with backup data," Terranova said.
The district, which is southeast of Rochester, incurred relatively little cost in repairing the damage. Wayne-Finger Lakes Board of Cooperative Education Services (BOCES) provided a team of people to assist Victor, so the district was able to avoid hiring an outside company, he said.
Buffalo Superintendent Kriner Cash signed an emergency contract last week to have GreyCastle Security investigate the breach. GreyCastle is the same company that worked with the Erie County Medical Center four years ago when it was hit with ransomware.
Victor, with the help of BOCES, was able to recover most of its data, Terranova said, although teachers did lose files they had saved only to their laptops. That underscored one of the key lessons that the school district learned from its attack: the importance of backing up files to the cloud, in places such as Google Drive, where data is generally better protected than on local servers, Terranova said.
Still, some information needs to be housed on servers. Victor is taking steps to move its servers off campus, to the extent possible, to BOCES, where he said there is a higher level of protection from attacks. The most important step, though, is staff training, Terranova said. In many cases, ransomware enters a computer system through phishing — sending emails that appear to be from credible people or companies that prompt people to click on a link that introduces a virus.
The better employees are at recognizing and avoiding such emails, the better a district's chances of preventing an attack.
"It could happen anywhere," Terranova said. "You hope your antivirus protection keeps those things from coming in, but no matter what, it's not going to be 100-percent effective. That's why you need the staff training."
News staff reporter Harold McNeil contributed to this story.
(c)2021 The Buffalo News (Buffalo, N.Y.). Distributed by Tribune Content Agency, LLC.
Never miss a story with the daily Govtech Today Newsletter.