Des Moines Public Schools is still wrestling with the repercussions of a suspected ransomware attack on its servers that shut down classes for two days, an attack that will now extend the school year.
District officials say they have made significant progress in restoring systems after they discovered the cybersecurity breach Jan. 9, including regaining access to Infinite Campus and ensuring phones are operational. Infinite Campus is a web-based student information portal that allows families to see academic information and student records, including grades and attendance.
But the 30,000 students in Iowa’s largest school district are being told to expect an offline learning experience until further notice, with limited access to internet and networked resources and no wi-fi.
“Operations and building staff will be taking appropriate measures to keep the buildings safe and secure,” the district said in a release.
The cyberattack has put Des Moines schools on a growing list of school districts in Iowa and around the country that have been targeted.
Here is what we know:
When did Des Moines Public Schools find the cybersecurity attack, and what did it do?
The district’s IT staff was first alerted to a problem at 8:45 a.m. Monday, said interim Superintendent Matt Smith during a Tuesday news conference. The IT staff shut down the district’s servers, internet and network to limit the impact.
The district’s servers appear to be the only systems affected.
Was this a ransomware attack?
While the investigation is ongoing, Des Moines Public Schools’ officials are treating the incident as a ransomware attack. There is no timeline for when the investigation will be concluded.
Evidence has been turned over to the district’s cyber insurance company, Smith said in a video posted Wednesday to the DMPS’ YouTube channel.
In some cases of ransomware, business and schools end up paying a ransom to regain control of their systems or to keep personal information from being released.
District officials have not said if the district received a ransom demand or if a ransom was paid.
Who is helping the Des Moines school district investigate the attack?
District IT staff is working with its cyber insurance company and the local offices of the Federal Bureau of Investigation and Department of Homeland Security.
Was any data stolen?
Officials will not know until the type of attack the district’s systems underwent is identified.
Will Des Moines Public Schools close again?
As of Wednesday, DMPS classes are scheduled to resume Thursday morning after IT staff “made significant progress in restoring many of our systems,” district officials said.
Related:Des Moines Public Schools classes to resume Thursday after ransomware attack
Why were classes canceled?
Classes were canceled for two days because taking the district’s servers and internet network offline affected not only classes, but also bus routing and food and nutrition systems, as well as access to important student documents.
“We are working to make sure that we can safely get (the network) back up. All of these areas are potentially compromised,” Smith said.
Will the end of the semester be affected?
The semester was scheduled to end on Friday, but it will now end Jan. 20. Second semester will begin Jan. 23.
Will DMPS have to make up for lost classroom days?
Yes. To make up for lost class time, the district is extending the school year through June 2. The school year was originally scheduled to end May 31 for students.
Previously:Des Moines Public Schools cancels Tuesday classes after cybersecurity attack
Have other Iowa school districts dealt with cybersecurity attacks?
Yes, Des Moines schools joins a growing list of Iowa schools that have experienced cybersecurity attacks, including Glenwood Community School District, Cedar Rapids Community School District, the Linn-Mar Community School District and the Davenport Community School District.
In July 2019, Glenwood paid $10,000 in ransom after hackers encrypted student data that included schedules and contact and demographic information, making it inaccessible to administrators.
Samantha Hernandez covers education for the Register. Reach her at (515) 851-0982 or firstname.lastname@example.org. Follow her on Twitter at @svhernandez or Facebook at facebook.com/svhernandezreporter.