IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Lowell, Mass., Schools Working Offline Due to Cyber Attack

Cybersecurity software blocked an intruder from accessing the district's file server, and officials say they're not sure when Internet access will be restored, but teachers came prepared with paper assignments.

cybersecurity resilience,,Web,Safety,,Digital,Defense,Futuristic,Concept,With,Protection,Shield
(TNS) — Almost a year since the April cyber attack on the city's network servers wreaked havoc on municipal operations, Lowell Public Schools announced Wednesday morning that an outside attempt to gain access to the district's file server had been blocked by its cybersecurity software.

"As of now, it appears that there has not been a loss or encryption of any data," Jennifer Myers, a spokesperson for the district, said by email on Thursday. "... to isolate and stop any potential spread, we shut down Internet access across the district."

Central office used a web-based mass email notification system that is still up and running, and accessible through offsite or personal Wi-Fi, to alert staff that the internal systems were offline, said Myers.

Lowell High School senior Kendrick Del Orbe credited the teachers with coming prepared to teach lessons on Wednesday with "paper assignments for the foreseeable future."

"It's definitely affecting students," he said by text on Thursday. "From what I hear, it was pretty serious and our connection in the school might be down for the whole week."

Due to the Internet blackout, publicly available information has not been posted to the district website, but some information was found via its social media channels. The LPS Facebook page noted that the district's Science and Engineering Fair scheduled for Wednesday evening had been postponed.

"Several students need Internet access for their projects and we are not sure when service will be restored to the school network," read the notice posted on Facebook at 11:24 a.m. Wednesday. "Once we have a new date, we will let you know."

Myers said the process of bringing the LPS network back to operational status requires IT staff to visit all schools to verify the installation of newly purchased cybersecurity software and endpoint protections.

"IT staff will need to access every staff computer," she said. "The compromised systems have been decommissioned and IT staff are working to rebuild them. Once this work is complete, the LPS networks will be restored ... The timeline remains unclear, but we hope to have this work completed as soon as possible."

That process troubled Brett Callow, a threat analyst with Emsisoft, an anti-malware and cybersecurity software and consulting company. Callow said hackers often create backdoors during attacks and, if those backdoors are not fully remediated, they can be used to launch other attacks.

"Whether that's the case here, I really can't say," Callow wrote by email on Thursday. "I do find it somewhat peculiar that a blocked attempt to access a single server has resulted in a network-wide shutdown with an unclear timeline for restoration."

The hacking attempt on the school district's system follows the successful April 24 cyber attack on the city's municipal network, which knocked phones, email, financial, human resources and asset management and revenue systems, as well as other ancillary services like dog, business and marriage licenses, offline.

Some of the ongoing issues from that hack include internal capabilities and efficiencies in Lowell Police Department cruisers and security cameras at the Pollard Memorial Library, which had some councilors concerned about public safety.

Unlike the city's cyber breach, in which data was exfiltrated and the city was locked out of its systems, Myers said the situation is less serious with the school's cyber-related incident.

"As far as being sure there was no data breach, our IT department says the investigation determined the attempt was thwarted and the bad actor didn't infiltrate the system," she said.

Myers said the district's IT department works closely with the city's Management Information Systems department, which managed the run-up to and fallout from the city's cyber attack, and "they are working collaboratively on a solution."

Based on the depth and severity of the city's hack, Lowell School Committee member Dave Conway isn't taking any chances with the school district's cybersecurity profile.

In 2021, Conway, then a city councilor, submitted a motion that was eerily prescient. He requested that then-City Manager Eileen Donoghue report on the city's plan against a possible ransomware attack that would ensure that all city departments had sufficient protocols and updated technology to prevent hackers from comprising Lowell's systems.

Conway said he had a "nagging feeling" that cyber criminals were gaining an upper hand against municipalities like Lowell.

His motion for the School Committee's March 6 meeting requests Superintendent of Schools Liam Skinner, "in light of the recent potential data breach, to request an outside audit of the security of our network, to determine how we can maximize the safety of our system."

For students like Del Orbe, the silver lining in the cyber attack is that while the school's Internet is down, personal devices remain connected through their cellular networks.

LPS implemented a cellphone lockbox policy on Jan. 24. The policy is being driven at the state level and is an effort by the Department of Elementary and Secondary Education to encourage districts to enact cellphone prohibitions.

Skinner's memo to the School Committee said the cellphone policy was "to increase student engagement" and to "create a distraction-free learning environment."

Now, both staff and student phones have been a portal to information and learning.

"A lot of teachers are letting us keep our phones," Del Orbe said.

©2024 The Sun, Lowell, Mass. Distributed by Tribune Content Agency, LLC.