Hinsdale officials have released few details on the ransomware attack that was discovered Dec. 7, but interim Superintendent David Ryan has said student and staff laptops, classroom computers and computers used by Hinsdale administrators were all examined as part of the investigation.
A ransomware attack is when cyber criminals hack into protected information and hold it hostage for a ransom.
Ryan said that by Dec. 11, the district, which has 532 students, had regained some of its capabilities. On Thursday, Ryan said in an email to The Sentinel that "the incident is not impacting day to day operations. In order to protect the integrity of the investigation we are not able to provide further details at this time." He did not say whether the district paid a ransom to regain its network.
Ryan said school district officials are working with Primex, the district's cyber insurance provider, and a professional cybersecurity response team from the company Sophos to assess the situation. He said the district is also working with law enforcement agencies such as the FBI.
In a state of ransomware report in May, Sophos wrote that of all industries, the education sector was most likely to have experienced a ransomware attack, according to a survey of 3,000 cybersecurity leaders from January to March 2023.
A database maintained by the group K-12 Security Information Exchange reports there were 1,619 cybersecurity incidents in schools between 2016 and 2022. The nonprofit aims to help schools protect themselves from cyber attacks.
Closer to home, during a panel discussion in Manchester this summer convened by Sen. Maggie Hassan, security experts, former school administrators and state officials all agreed that schools are "vulnerable targets" for cyber attacks, the N.H. Bulletin reported.
According to a report from cybernews.com, Hinsdale was one of three school districts nationwide recently compromised by ransomware. The Campbell County School District in Kentucky wrote on its website that files were accessed that included names, Social Security numbers, and financial account numbers of some district employees. The other district, in Glendale, Calif., discovered a ransomware attack on Dec. 6 and posted on Dec. 15 that it was still working to find out the effects, according to its website.
The most common ways cyber criminals transfer ransomware onto computer systems are email phishing campaigns; hacking into remote desktop programs; and taking advantage of security weaknesses in widely used software, according to the federal Cybersecurity and Infrastructure Agency's Stop Ransomware project.
According to the project, the FBI does not recommend paying ransoms because it could encourage attacks on other organizations and fund illicit activities. There is also no guarantee that files will be recovered once a ransom has been paid.
©2023 The Keene Sentinel (Keene, N.H.) Distributed by Tribune Content Agency, LLC.
