Skip to content

Illustration by Security Management

Ransomware Attack Derails School Opening

After months of planning appropriate COVID-19 measures and safeguards, as well as reshaping how to educate 18,000 students using a hybrid remote/in-person system, administrators at Hartford Public Schools in Connecticut were ready to reopen after the Labor Day holiday. Then a ransomware attack forced the city’s schools to postpone.

The attack was discovered Saturday and the student information system was fully restored by Monday night, but some school systems remained disrupted, Connecticut Public Radio reported.

The file-locking malware attack “caused an outage of critical systems and the restoration of those systems [is] not complete,” school officials said in a statement. “This includes the system that communicates our transportation routes to our bus company, and it is preventing our ability to operate schools on Tuesday.” Approximately 4,000 students rely on busing to get to in-person classes this term.

According to Hartford Mayor Luke Bronin, more than 200 of the city’s 300 computer servers were affected by the attack, and the timeline for system restoration is still unknown. However, the damage could have been significantly worse had the city not invested in a new network defense system last year, according to CyberScoop.

Bronin added that the city was able to quickly shut down servers and freeze technology systems so the city’s police, fire, and 911 systems continued to run smoothly, The New York Times reported. Authorities do not believe sensitive data had been stolen, and the city has not paid a ransom to regain server access.

According to Hartford Public Schools superintendent Leslie Torres-Rodriguez, city employees spent Tuesday restoring systems, and the schools were expected to reopen today. City employees were going “school to school, desktop to desktop” to ensure teachers’ equipment is not affected and can be safely used for in-person and remote instruction, Bronin said.

According to James McQuiggan, security awareness advocate with KnowBe4, the timing of this attack was not coincidental. “Cybercriminal groups leverage a nation’s holiday for these attacks because the amount of staff working and are less likely to act if an attack is discovered. Additionally, they continue to target organizations of all sizes and industries who are potentially understaffed or overworked.

“With ransomware attacks over the past 10 months becoming more dangerous, organizations should consider a ransomware attack as a data breach and a potential loss of data,” he continued in emailed commentary on the Hartford breach. “Strengthening the human layer is an essential step in catching threats that make it through an email filter.”

For more about security awareness training—particularly during periods of remote work—check out “During Remote Work, Security Training Brings Teams Together” and “Mastercard Takes a Unified Approach to Security” from the September 2020 issue of Security Management.