The Penn-Harris-Madison School Corporation, located in Indiana, is currently working to recover from a significant ransomware attack that has caused major disruptions to their services. The breach was first detected on Monday morning when the tech department notified administrators. As a result, the school experienced widespread internet and WIFI issues, which led to efforts to isolate the threat. While some services like Google and Clever were unaffected by the attack, the school’s Canvas system experienced significant issues, though these were expected to be resolved by March 4th. To contain the damage and prevent the attack from spreading further, the school decided to limit internet access.
This latest ransomware attack follows a similar incident in 2019 when malware impacted thousands of students across the district.
Experts believe the breach was likely caused by someone clicking on a malicious link or attachment in a phishing email, giving attackers access to the district’s network. Mike Chapple, an IT professor at Notre Dame and former NSA computer scientist, explained that once malware infiltrates a system, it can encrypt critical data, including sensitive student information such as grades, birthdates, and other personal details. The school, however, clarified that it does not store or collect students’ social security numbers in its database, reducing the scope of the breach.
To address the situation, the school’s IT department is focused on restoring their systems, which involves wiping the compromised systems clean and rebuilding them from secure backups.
Chapple noted that this process requires identifying the full scope of the attack, eliminating the malware from all affected systems, and restoring data from the safest backup available. The school has reassured students and staff that they can still use their Chromebooks, laptops, cell phones, and access cloud-based applications during the recovery process. Despite the disruptions, the school stated that scheduled testing and assessments should not be affected.
While the immediate priority is recovering from the attack, Chapple sees this as an opportunity to educate both students and teachers on internet safety. He suggests that this incident can serve as a valuable teaching moment for the entire school community to learn about safe online practices and how to protect themselves from similar threats. The school has vowed to use the experience to reinforce its cybersecurity policies, ensuring that such an attack does not happen again in the future. As the recovery efforts continue, the district remains focused on enhancing its security protocols and educating everyone on how to better protect against cyber threats.
Reference:
