DDSD should learn from Centennial's ransomware attack

Posted Oct. 6, 2021

By Elizabeth Philbrick

Staff Editor

A ransomware attack on a school technology system earlier this year forced Centennial schools to close from April 26 to May 12, a serious incident that all school districts, including David Douglas, can learn from.

Centennial School District (CSD) discovered on April 26 that certain digital files had been encrypted by an unknown source. The district took its technology systems offline as a safety measure so hackers couldn’t access any more information. The district also reported the breach to federal investigators, hired a cybersecurity firm, and launched its investigation into how the system could have been hacked.

Students were able to return to school on Monday, May 3, but only for a few hours a week in a hybrid model. CSD schools had provided paper packets to students for their remote learning. Centennial gradually brought teaching online beginning May 12, and all students were online by the end of the week.

Photo courtesy WJLA.

“They have posted information relating to individual officers and they have threatened to release details on informants to the criminal gangs on which they’re informing. There were about 60 attacks on school districts in 2020 and they affected about 1,600 schools in total. In some cases, the data that’s been posted has been extraordinarily sensitive. In one case, there were details of sexual abuse allegations by and against named students.”

-Emsisoft threat analyst Brett Callow.

“Ransomware goes in and it will encrypt data on your computer so you can’t access it,” said ReliaQuest security strategy director Ken Westin.

Ransomware attacks on school systems have increased recently, according to the Associated Press. There have already been at least 21 ransomware attacks in the U.S. education sector this year. The attacks have disrupted 550 schools. Westin stated that a precise number of attacks is difficult to pinpoint because some don’t come to light after a ransom has been paid.

There have been several recent high-profile ransomware strikes, including one on Colonial Pipeline Co. that disrupted gasoline supplies to the East Coast and another on Ireland's health care system. Colonial Pipeline paid the hackers a $5 million ransom.

KGW reported that Centennial district data had been posted on the dark web. Multiple cybersecurity sources also confirmed that data from the Centennial School District related to the ransomware attack has been posted on the dark web. Westin said it appeared to be a fairly minor attack, especially when compared to a recent hacking incident involving Washington D.C. police attributed to the same group.

“They posted information relating to individual [Washington D.C.] officers and they threatened to release details on informants to the criminal gangs on which they’re informing,” said Emsisoft threat analyst Brett Callow.

Callow stated that ransomware attacks have been aimed at bigger companies and organizations in recent years. But during the pandemic, with school districts all over relying more on computers, they’ve also become a target.

“There were about 60 attacks on school districts in 2020 and they affected about 1,600 schools in total,” Callow said. “In some cases, the data that’s been posted has been extraordinarily sensitive. In one case, there were details of sexual abuse allegations by and against named students.”