[BreachExchange] Stonington schools investigating apparent ransomware attack on district

[Sophia Kingsbury]

https://www.thewesterlysun.com/news/stonington/stonington-schools-investigating-apparent-ransomware-attack-on-district/article_aa2b20a0-1fde-11ec-a99e-7bb270896e14.html

Stonington schools staff and the FBI are working together to determine the
scope of access and how it was granted after the district was targeted as
part of a ransomware attack discovered Monday morning.

The district first found evidence of the ransomware around 9:30 a.m.
Monday, according to Assistant Superintendent of Curriculum and Assessment
Mary Anne Butler, and staff led by Director of Technology Christopher
Williston took immediate action to secure the district’s systems including
taking the entire district offline.

The nature and origin of the attack and whether information was compromised
both remain the subjects of an ongoing investigation, officials said.

“We don’t have a lot of information at this point and we will continue to
work with a cybersecurity team Tuesday to determine the scope,” Butler
said. “We have taken precautions to make sure everything remains protected.
Our top priority is the safety of the children.”

The district first notified parents on Monday afternoon through an email
sent to all families. The message, which was shared around 5 p.m.,
indicated to families that the district had already begun taking steps to
remediate the issue including isolating the district from the internet.

Ransomware is a malicious computer software that threatens to publish or
block access to data, usually by encrypting it, until the victim pays a
ransom fee. It was unclear whether any information was obtained, but
officials indicated that the system was removed from the internet before
much of the information had been encrypted.

Butler said the attack should not impact school schedules this week.

“We will not be able to have students access online content, but schools
will be able to continue in person while the issue is being addressed,”
Butler said.

Students are encouraged to attend classes as they normally would on Tuesday
but schools are not expected to have access to the internet during the
school day Wednesday and staff may be delayed in efforts to respond to
emails. The district has a professional development day on Wednesday and
students will not be in class.

All phone systems are protected and working, school officials said. Parents
and guardians will be granted access to the main office at each school and
adjustments have been made to assure the schools remain secure at the same
time.

If the issue is not resolved by Thursday, students would again return to
class without access to the internet.

Butler said there are a lot of unknowns still as the investigation
continues, but said that district staff including Williston were expected
to continue working through the night and the district would provide
families with additional updates by the end of the day Tuesday or when
information becomes available.

“We are still in the assessment stage, so there is just not a lot to share
at the moment,” she said. “We will continue to send updates to families so
they know what to expect.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210928/c24f2d99/attachment.html>