Connecticut School District Hit with Ransomware Attack

The Bridgeport Public Schools computer system was initially attacked Friday, though officials offered few details about the scope of the incident or the type of data affected.

by Kinda Conner Lambeck, Connecticut Post / January 9, 2019

(TNS) — The city school district’s computer network was attacked Friday by a virus caused by an outside entity that intended to hold district data hostage for ransom, district officials say.

Currently, there is no evidence of any data theft in the attack, Jeffrey Postolowski, director of technology services, said in an email response on Tuesday.

Rather, some district data was encrypted by a virus and reportedly held for ransom. How much? Postolowski didn’t say. What kind of data was masked and how much? He wouldn’t say that, either.

Some teachers, however, came forward on Tuesday to say that the data mostly lost has been theirs: years’ work of lesson plans and teaching materials stored on district servers.

“They are unable to access their files,” said one teacher who asked not to be identified.

“I know one teacher who had 18 years worth of teaching materials saved at work, not at home. That would be gone, currently,” the teacher said.

Other teachers, who put materials on Microsoft One or cloud-based platforms, were not affected.

“So my teaching materials are OK,” the teacher said.

Student work reportedly was not compromised because they are kept on a Google Drive.

Neither were the personal data of students or teachers, Gary Peluchette, president of the Bridgeport Education Association, said he was told.

“They are working to get it restored,” Peluchette said after meeting with Schools Superintendent Aresta Johnson.

In his email, Postolowski said he is working with the principal security architect of the District Information Security vendor in conjunction with Multi-State Information Sharing and Analysis Center and law enforcement officials to resolve the incident as quickly as possible.

Board Chairman John Weldon said on Monday he was assured no sensitive information was compromised.

“The way it was explained to me the responsibly party doesn’t have access to the information, just control (of) it,” said Weldon. “They locked us out.”

The attack did not affect emails or the district’s PowerSchool platform which contains student data including grades, officials said.

Johnson said IT staff worked through the weekend to stop the attack which was first noticed on Friday.

On Friday, Johnson said the district’s computer system was “down” in explaining why she could not retrieve last year’s attendance statistics.

Recovery apparently is ongoing, although Postolowski did not say how far the district had gotten in restoring its system or how the restoration was being accomplished.

Postolowski also did not speculate on how the breach may have occurred.

In an message sent to staff Sunday evening, Postolowski said the district was requiring a mandatory password change to get into the system. Staff were also warned not to bring in personal computers and to report any strange activity.

So called ransomware attacks have occurred to other organizations, companies and school districts around the world including several in Connecticut. Ransom is demanded in exchange for unlocking data. In many cases, the victim is presented with a message explaining that their files will only be decrypted once an untraceable Bitcoin payment is paid.

It is unclear if that has happened in Bridgeport’s case.

©2019 the Connecticut Post (Bridgeport, Conn.). Distributed by Tribune Content Agency, LLC.

Platforms & Programs