A ransomware attack against the city servers forced several critical systems offline. A software system that delivers real-time information on bus routes was among those impacted by the attack on the servers.
(TNS) — Hartford students will have to wait a little longer to return to school. A computer ransomware attack caused an outage of critical city systems over the weekend, forcing the city to postpone Tuesday’s school reopening by one day, according to officials.
A software system that delivers real-time information on bus routes was among those impacted by the attack on Hartford’s servers, crippling the district’s ability to serve the roughly 4,000 students who take the bus, Superintendent of Schools Leslie Torres-Rodriguez said Tuesday.
Metro Hartford Information Services, a shared department that manages technology services for the city, school system and public safety department, is working to restore the various systems.
The school system notified families Tuesday afternoon that virtual classes, which many families have chosen to reduce exposure to the coronavirus, and the staggered start to in-person learning would begin Wednesday. First to return will be students in third through fifth grade, seven grade and ninth grade, followed by the remaining students over the next two days.
“We regret the unexpected delay and deeply appreciate your patience and flexibility as we resume our plans to welcome all our students back to school,” Torres-Rodriguez said in the message to families.
In recent years, ransomware attacks have knocked the state court system’s computers offline and targeted the Wolcott school system’s servers.
A record number of ransomware attacks in 2019 impacted at least 89 educational systems in the U.S. and 113 state and municipal governments and agencies, according to Emsisoft, a computer security company based in New Zealand. In some cases, students’ grades were lost, surveillance systems went offline and 911 services were interrupted as attackers held networks and information hostage, the report found.
Hartford Mayor Luke Bronin said Tuesday that an investment in new cybersecurity software last year “significantly limited” the damage of the virus, which identified itself as a ransomware attack but did not include a specific demand. Instead, it directed its target to use an email address to get more information on the ransom.
Fred Scholl, the cybersecurity program director at Quinnipiac University, said that instruction was likely the attackers’ attempt at negotiating with the city for as much digital currency as it could get. The international gangs that carry out most ransomware attacks have gotten more sophisticated and now try to extort people for sensitive information, especially data that has no value on the dark web, like student grade records.
“Needless to say, we’re not contacting that email address,” Bronin said. “We’ll let law enforcement deal with that.”
“We don’t know the motive, we don’t know the perpetrator,” the mayor added. “We’ll work to identify the perpetrator and bring that individual or organization to justice, but again, our focus right now is on making sure we fully understand the extent and that we restore everything as quickly as possible and we’ve made good progress in doing that.”
Scholl added that there’s nothing a city or organization can do to stop attackers from scanning their sites and systems for vulnerabilities. They can only prepare, like Hartford did, he said.
“I can’t predict what the next one’s going to be, but there’ll be a next one,” Scholl said.
Gov. Ned Lamont was asked about the situation in Hartford during an afternoon news conference Tuesday.
“To tell you the truth, when I first became governor if you’d asked me what I thought was going to be the biggest risk, I couldn’t even spell coronavirus but I had been really thinking about cyberattacks, and they have not gone away just because we have a COVID crisis right now,” Lamont said. “We’re reminded of that with the attack on the Hartford school system.”
The city became aware of the attack on Saturday and later found that the virus first accessed city systems on Thursday without raising red flags, Bronin said.
Hartford has been in touch with the FBI and the agency will aid in investigating the source of the attack. Bronin said he does not believe any personal, private information or sensitive financial information was stolen.
“You have seen other cities that have had their entire systems taken over, been locked out of their systems or have seen information stolen and ransoms demanded,” Bronin said. “To the best of our knowledge, we successfully guarded against that.”
The city spent between $400,000 and $500,000 last year on its new cybersecurity software, which helps detect malicious activity. Bronin said that layer of defense detected this attack early, allowing the city to lock down its compromised systems, some of which were still being restored Tuesday.
The city has not incurred any costs from the attack aside from staff time, said the mayor’s chief of staff, Vasishth Srivastava.
The attack also impacted Hartford police and fire systems, but did not disrupt their ability to respond to calls for service, Bronin and Police Chief Jason Thody said.
The main disruptions were “inconvenience-type” issues with back-end services, Thody said. For example, dispatchers had to take some notes on paper and the police scheduling system went down, he said.
John Fergus, a spokesman for Hartford Public Schools, said school officials became aware of the severity of the problem Monday. Metro Hartford Information Services had to restore a “massive amount of information,” he said, and the job was almost done around midnight.
But about 4 a.m., school officials learned that one of two transportation systems that talk to each other had not been restored, said Fergus, who said he had about one hour of sleep.
“One was up, but one wasn’t, so it couldn’t communicate the bus company schedules” and student information, he said.
The district also spent Tuesday checking every desktop computer in every school for potential issues. No student devices were compromised in the attack, Torres-Rodriguez said.
More than half of Hartford students have opted to take classes remotely for the first marking period of the year, but it would not have been possible Tuesday to reach everyone virtually, she said.
Staff have not been able to engage close to 1,700 students leading up to the new school year, the superintendent said. The district presumes they will join in-person classes.
Noting that the number of days in the school year have already been reduced from 180 to 177 because of the coronavirus, Fergus said, “we need to get back.”
©2020 The Hartford Courant, Distributed by Tribune Content Agency, LLC.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.