(TNS) — Las Cruces, N.M., Public Schools Interim Superintendent Karen Trujillo presented some updates Thursday on the recent cyber attack that targeted the school district, prompting a shutdown of Internet servers and devices across the district.
At a Thursday afternoon news conference in the district’s administration building at 505 S. Main St., Trujillo said the virus infiltrated the district’s systems at about 4 a.m. Oct. 29, and by 7:30 a.m. information technology staff had shut down all of the district’s Internet servers and isolated the malware.
The district’s system was infected with ransomware, a malicious program designed to lock access to computer or data systems until a ransom is paid. It is often spread by visiting infected websites or by opening “phishing” emails, according to the U.S. Department of Homeland Security.
Matt Dawkins, the district’s information technology director, said a cybersecurity consultant was assisting the district in implementing a disaster recovery plan that had been put in place.
Asked whether any ransom demands had been made, Dawkins said the district did not engage with the hacker but said it was evident the culprit had obtained information about the district’s network systems “weeks” prior to introducing the malware.
He said no determination had yet been made as to whether the malware was introduced via email attachment or other means.
The Las Cruces Police Department told the Sun-News the case had been referred to federal law enforcement.
30,000 devices to be scrubbed
Dawkins said 30,000 devices across the district need to be cleaned, in a process that includes erasing their hard drives and reinstalling operating systems, before they are allowed access to the Internet.
Additionally, Dawkins said the district would evaluate its current infrastructure and upgrade cybersecurity hardware before Internet service is restored.
Meanwhile the district would accelerate previously planned upgrades, he said, later adding that the district has a modular server system in which different components are replaced cyclically.
Additionally, he said the district’s email system, being cloud-based with the provider’s own cybersecurity systems, was unaffected.
The district would not estimate how much time would be required to mitigate and restore systems.
“There is always the potential for setbacks or discovery of something else that we need to go back and look at … so it’s really hard for us to say,” Dawkins said.
The two officials also provided little detail about expected costs, but said some of the cost would be defrayed by previously approved federal E-rate funding, a Federal Communications Commission program providing broadband support for schools and libraries.
Each school site has two scrubbed computers with access to student information systems, allowing nurses to access medical records and administrative staff to print student transcripts or access parent contact information, Dawkins said.
Other processes done via Internet connection, including some classroom technologies and documenting attendance and grades, are being done by hand or with spreadsheet software.
Trujillo remarked that teachers are “rediscovering those teaching things that they were doing before, when the dependency on technology wasn’t quite so ingrained.”
Malware ‘widespread’ but contained
While Dawkins said the malware was “widespread” within the LCPS system, he described the attack as “very targeted” and said there was no indication the malware had spread beyond the district.
Remote access to the district, via applications such as Canvas, StudentVUE and ParentVUE, remains unavailable.
Dawkins said a forensic investigation by the cybersecurity consultant would examine infected machines to obtain as much information as possible about how this attack happened, and how to prevent similar attacks.
“All we can do is mitigate what would happen in the event of an attack,” Dawkins said, adding, “It’s very difficult to prevent it 100 percent.”
He said the district had emergency plans in place for a serious cyber attack, and disclosed that this was the third ransomware attack targeting the district over the past few years, though the previous attempts were of a smaller scale and isolated to a particular site or server.
Ahead of a planned professional development day for teachers on Nov. 11, Trujillo announced that principals had been asked to set aside time for lesson planning as teachers needed, given the loss of technologies adopted in recent years.
She said no school day cancellations were planned, and that restoring access to Internet service would be a gradual process across the district, with devices coming back online one by one.
©2019 the Las Cruces Sun-News (Las Cruces, N.M.). Distributed by Tribune Content Agency, LLC.