[BreachExchange] Souderton Area School District cyber attack was ransomware

Destry Winant destry at riskbasedsecurity.com
Tue Sep 10 09:59:42 EDT 2019


FRANCONIA — The cyber attack on Souderton Area School District's
computer systems was a ransomware attack, the district said in an
update posted on the district website Sept. 9.

"This message is an update on the network disruption that affected
Souderton Area School District over the Labor Day weekend. We have
confirmed that the disruption was the result of a ransomware attack.
Ransomware is a software used by cybercriminals to encrypt or 'lock
up' files on computers or servers with the goal of making those items

"The District is working diligently with the Department of Homeland
Security, the Federal Bureau of Investigation, the U.S. Secret Service
and local authorities, as well as with a specialized cybersecurity
firm. Our priority is to remediate the disruption and encryption
caused by the ransomware and to restore the District and its services
to normal operations as soon as possible.

"Currently the ransomware attack is still resulting in some
disruptions to the technology systems of the District. While teachers
have limited access to e-mail, parents are advised to call the school
office in the event of any time-sensitive matter.

"Despite the interruptions to technology, please be assured that
teaching and learning remain vibrant in our classrooms. Our students
and staff have been exemplary in their response during this
challenging time.  We are hopeful that full-service operations will be
restored soon and are committed to minimizing any disruptions to
student learning.

"Understanding concerns expressed to the District, we want to reaffirm
that our financial systems are stored off-site and financial
information remains secure. We also do not anticipate any disruptions
to the school calendar.

"We appreciate your continued patience and flexibility and will
communicate with you and update the district Web site as information
becomes available," the update, signed by Superintendent Dr. Frank
Gallagher, said.

In response to an emailed question of whether ransom had been paid or
is planned to be paid, Gallagher wrote, "No comment at this time."

In a separate release, the district said the district-wide computer
network was immediately shut down and Internet connections were
disabled when the attack was discovered.

Students were also told to power off their school-issued devices and
to return the devices to their school.

More information about the BreachExchange mailing list