Public schools in Baltimore County, Maryland, will remain closed Monday and Tuesday as officials respond to a cyberattack that forced the district to cancel distance education for its 115,000 students just before the Thanksgiving vacation, said officials. responsible.
The attack, first detected late Tuesday evening, affected the district’s distance learning websites and programs, as well as its filing and email systems, officials told WBAL-TV.
Schools were closed on Wednesday, a day earlier than scheduled for Thanksgiving. Saturday, the neighborhood announced on Twitter that classes would be closed for two additional days on Mondays and Tuesdays due to “the recent ransomware attack”.
On Sunday, the neighborhood said on Twitter that although schools are closed, the Chromebooks he provided to students were safe to use, as were the school-linked Google accounts. The district said students should not use the Windows devices it issued “until further notice.”
At a press conference on Wednesday afternoon, officials were unable to say when school activities would resume. “We don’t know, at this point, of a timeline,” said Dr. Darryl L. Williams, the superintendent.
Kathleen S. Causey, president of the Baltimore County School Board, said the situation was “very worrying.” The students, she added, “relied on us to provide them with education and other opportunities.” Officials declined to provide details of the attack, including requests made.
The Baltimore County District has started the 2020-2021 school year with all of its students learning distance learning – a period of “virtual instruction” that the district says would continue until at least January. Subsequently, the district said it expected to offer a “hybrid” plan that would include in-person classes for “targeted students” a few days a week “on a rotating basis.” The district would also allow students to continue to learn remotely full time if they preferred.
The coronavirus, which can spread easily when people congregate closely indoors, pushes students and educators into distance learning with little time to prepare.
The digital infrastructure that makes distance learning possible is increasingly seen as the target of cyber attacks. Schools are storing more data online without sophisticated plans to protect it and are subject to public pressure when that data is compromised, said Reuven Aronashvili, founder and CEO of CYE, a cybersecurity firm.
Local governments, and schools in particular, are “considered to have a fairly low level of cybersecurity maturity,” Aronashvili said in an interview.
Increasingly, the cyberattacks that schools face are ransomware attacks, in which users are excluded from their data by an unauthorized person who promises to unlock the data if a ransom is paid.
That’s what happened to public schools in Baltimore County, according to Jim Corns, executive director of information technology for the district. At last week’s press conference, he said the district data was not stolen or disclosed, but rather locked in a way that prevented school officials from functioning.
“This is a ransomware attack that encrypts data as it is found and does not access or delete it from our system,” Mr. Corns said. “So we go into it as a ransomware attack.”
Mr. Aronashvili said that ransomware “works primarily on the pressure elements”.
“If you’re able to apply enough pressure, someone will pay,” he says. “At the end of the day, that’s the whole business model.”
Banks’ financial data, for example, is generally tightly secured, and their owners usually have well-established rules against paying ransoms, Aronashvili said. Local governments and schools generally have a lot of personal data and less sophisticated plans to secure it or deal with attacks, he said.
The attackers noticed it.
According to the K-12 Cybersecurity Resource Center, which tracks incidents in schools nationwide, at least 44 school districts have reported ransomware attacks so far this year. Last year the figure was 62. In 2018, there were only 11 reports.
Doug Levin, the founder of the center, said he expected 2020 to end with roughly the same number of ransomware incidents as 2019. He warned that the data may not include all attacks. because there is no uniform standard for how school districts report cybersecurity incidents.
“Since the pandemic, when a school district has an incident, learning stops,” Levin said. “It is this loss of resilience that Covid has brought to light.”
At last week’s press conference, Chief Melissa R. Hyatt of the Baltimore County Police Department declined to provide details of the investigation, but said local, state and federal officials were helping .
Wednesday, almost 10 hours later school district confirmed ransomware attack on Twitter, the FBI field office in Baltimore said he was aware of the incident but declined further comments.
A Baltimore County Police spokeswoman on Sunday questioned county school officials. Messages left with school officials were not immediately returned.