Pennsylvania School System Will Need Months to Recover from Ransomware Attack
Table of Contents
- By David Lukic
- Published: Dec 13, 2021
- Last Updated: Mar 18, 2022
A ransomware attack on a school in Pennsylvania may have leaked personal data belonging to thousands of students and staff. Threat actors targeted a computer server that stored the information with the hacker bypassing several security measures that were already in place.
What Happened?
On October 16, Corry Area School District’s technology director Andrew Schmidt received a message that hackers had breached the school’s computer server. The notice directed him to reach out to the sender via email for more details.
School staff worked through the weekend attempting to resolve the issue prior to Monday classes. Unauthorized access was confirmed when files stored on the server were found to be inaccessible. According to a statement released on the school’s website, efforts to unravel the full scope of the breach are still ongoing. When asked if the hacker demanded a ransom, the director said that the conversation never got to that point.
Incidents of ransomware attacks, where hackers encrypt an organization’s data and demand money to decrypt it, have been on the rise in the United States. Last month, a ransomware attack that resulted in data theft hit Sinclair Broadcast Group’s servers. In May, a ransomware attack on Colonial Pipeline led to gas shortages along the east coast.
Was Personal Data Compromised?
Because student and staff information was stored on a third-party server, school officials initially believed that personal data was not compromised. However, further investigation showed that the server breached by the hacker contained more important information relating to students and employees of the school between 1995 and 2011.
Even though there is no sign of data theft, hackers likely accessed names, addresses, phone numbers, social security numbers, and other personal information.
“We’re being very proactive and transparent that there is that potential,” said Schmidt when asked if personal data was compromised. “At this point, we cannot say definitely one way or the other.” District Superintendent Sheri Yetzer admitted that it will take months to understand and fully recover from the cyber attack.
How is the Corry Area School District Responding?
In addition to preliminary investigations, they immediately followed the recommendations of law enforcement agencies to not communicate with the hackers. Although they discovered that students and staff couldn’t access locally stored files, district officials instead intensified efforts to restore the lost files.
“We’re being very careful and meticulous in how we do it to make sure everything is secure,” Schmidt mentioned. “We are working with cybersecurity experts to make sure as we move forward that everything we have is secured in the best way it can be done.”
The district also sent letters to students and staff that some personal data was likely compromised. They posted the notice on their website and advised students and staff to reach out to recommended consumer reporting agencies to assist with identity protection.
How are Schools Preparing for Future Attacks?
According to the Cybersecurity & Infrastructure Security Agency, schools and organizations must prevent future ransomware attacks by implementing tighter security measures. Schools in the United States have stepped up the following security measures.
- Conducting regular cyber hygiene habits by scanning devices and computers to limit attacks.
- Promptly reporting incidents of data breach to government agencies.
- Encrypting and backing up information and utilizing cloud storage more often than before.
- Regularly update operating systems and software as soon as updates are available.