Final exams were also canceled for all of the district’s high school students as the Bergen County school district tries to get its system back online with the help of cybersecurity consultants, officials said.
Tenafly Public School District administrators first identified the security incident Thursday, said district communications manager Christine Corliss. It involved the encryption of data by ransomware on some computers in the district’s network.
The district’s technology department responded “immediately” by isolating devises, shutting down the districtwide computer system, launching an investigation and hiring outside cybersecurity experts, she said.
“The technology team, along with these experts, has been working literally around the clock to address the issue,” Corliss said Wednesday.
Hackers use ransomware to encrypt data and render it useless until an online payment, or ransom, is made to regain access. Ransomware incidents have become increasingly more common in recent years, affecting schools districts, municipalities and even entire counties.
Last month, Somerset County suffered a cybersecurity breach that temporarily shut down the county email system. And last year, the school districts in Hillsborough and Bernards Township had to shutter their schools for a day following suspected cyberattacks.
It’s unclear who is responsible for the ransomware attack in Tenafly or how much money they requested.
When asked if the school district will pay the ransom, Corliss said “there was nothing definitive at this time.” However, she added law enforcement agencies were involved with the investigation.
The Bergen County Prosecutor’s Office and the New Jersey State Police Cyber Crimes Unit have been notified by local authorities of the ransomware crime, Tenafly Police Chief Robert Chamberlain said. But the main agency investigating the incident is the Federal Bureau of Investigation. “Something like this is way above our capabilities,” Chamberlain said.
Staff, parents, and students in Tenafly were notified of the security breach Thursday morning and have been receiving regular updates via the Tenafly Public School notification system, which is based outside of the district, officials said.
“I know that this is a concerning issue for all of us. While we believe this is an isolated incident, we are committed to taking steps to assist with the prevention of this type of incident from occurring again,” wrote Superintendent Shauna DeMarco in an update sent Saturday.
Classes have not been cancelled, but the lesson plans have been modified, school officials said.
Instead of relying on Google Classroom for science class, kids are engaging in hands-on STEM activities, Corliss said. Students have also been intrigued by the old school overhead projectors — relics from a bygone era before dedicated computer projection systems and interactive whiteboards.
“We have system issues and we have to deal with it, but it kind of brings you back in time a bit to do things the old fashioned way. And there’s something to be said for a little bit of that too. So, we see a lot more face-to-face, a lot more phone calls and a lot less email,” Corliss said.
On Tuesday, the district announced all final exams for high schools students were canceled in light of the ransomware attack. There are no plans to reschedule them.
Corliss said the decision was made “primarily because we didn’t think it was fair to the students.”
Students cannot access Google Classroom, Genesis, email or similar services.
Ironically, Tenafly Public Schools had just completed a technology audit and was in the process of finalizing its recommendations when the attack occurred, officials said.
The district will begin implementing some of those improvements as it restores its systems after the ransomware attack, so it might take a little more time for the district’s computer system to get up and running.
On Wednesday, Corliss said she could not provide a definitive timeline for when the restoration process would be complete.
“Right now, it’s progressing smoothly. We anticipate that it will just be a few days, but we don’t really want to put a firm time stamp on it just to be safe,” she said.
©2022 Advance Local Media LLC. Distributed by Tribune Content Agency, LLC.
