The Flagstaff Unified School District in Arizona is just the latest to fall victm to a cybersecurity attack so disruptive it forced schools to close Thursday and Friday of last week.
Schools were back in session on Monday, after the district’s team worked “round the clock securing systems and updating computers and devices,” according to the district’s website.
The ransomware, a form of malware that typically requests payment in exchange for access to locked computers, was detected when a message popped up, asking for payment.
The message did not include a specific dollar amount and had untraceable contact information, District Technology Director Mary Knight told the Associated Press.
The district wouldn’t consider making a ransomware payment, she said.
Instead, the district checked systems that control doors, bells, transportation, bells, food service, and more.
“We know how disruptive this is to our families. Canceling school is one of the most difficult decisions I make as a superintendent and it’s not one I take lightly,” said Mike Penca, the superintendent, according to the Associated Press. “We just need to know, when we have kids back, that our school environment is safe and that we can operate as normal.”
Flagstaff’s struggles aren’t unique. A 2018 Education Week Research Center survey found that 27 percent of ed-tech leaders found malware or viruses to be a “significant” or “very significant” problem. Districts are using strategies, including encouraging staff to update their passwords, giving staff additional IT training, and backing up information and storing it off site in case of an attack.
And the K-12 Cybersecurity Resource Center documented 122 publicly reported cyberattacks on schools in 2018. Well over half resulted in the sensitive data of students or staff being compromised.
It’s critical that districts not wait to take basic steps, said Doug Levin, the CEO of consulting group EdTech Strategies, which operates the K-12 Cybersecurity Resource Center.
“Just like we know that eating right and exercising can lead to a healthier life, there are basic cyber hygiene practices—such as deploying anti-malware and anti-phishing technology, ensuring IT systems are backed up, implementing multi-factor authentication, and offering user training—that can make a big difference,” het told my colleague, Ben Herold.
Want to learn more about how cyberattacks are disrupting schools and what can be done about it? Check out Education Week’s cybersecurity special report.
The Associated Press contributed to this report.
A version of this news article first appeared in the Digital Education blog.