It will take months to understand and work around all of the effects of the ransomware attack on the Corry Area School District, officials said Thursday.
“The (ramifications) are very involved. It’s taking time to truly understand it all,” district Superintendent Sheri Yetzer said. “We’re being very mindful and cautious in how we proceed. We know that it’s going to take months and months and months to understand what happened here.”
The cyberattack was discovered Oct. 16 when the district’s technology director, Andrew Schmidt, received a notification that the district’s computer server had been compromised and to email the sender for details. How much the district would be asked to pay to “ransom” the compromised files was not specified.
Earlier: Corry School District says ransomware attack may have exposed data on staff, students
“We never got to that point,” Schmidt said. “The recommendation from law enforcement was not to engage them. (The notification) said, ‘Email us and we’ll tell you.’ We did not respond.”
In ransomware attacks, cybercriminals encrypt an organization’s data and then demand payment to unscramble it.
The district instead is working to restore files that were lost in the attack, Schmidt said.
Days after strike vote: Tentative contract reached with Erie School District teachers’ union
District officials first worked through the weekend of the attack to restore access to computer systems needed for schools to open the following Monday.
“Everybody didn’t have access to everything they needed, but school was able to continue on Monday, albeit in a different manner,” Schmidt said. “Students and staff didn’t have access to locally stored files. Things stored in the cloud were still accessible.”
“Many of our internal operations were interrupted,” Yetzer said.
District officials initially believed that personal information on district students and staff was not breached in the cyberattack. That information is stored by a third-party vendor that was not targeted in the attack on the district, Yetzer said.
Further investigation determined that names, addresses, phone numbers, Social Security numbers and other personal information on students who attended school in the district and employees who worked in the district from 1995 to 2011 were stored on the district’s compromised server and may have been breached. The cyberattackers got through protective software and other security measures in place to protect the district server, Yetzer said.
There’s no evidence so far that personal data was taken, she said.
“We’re being very proactive and transparent that there is that potential,” Schmidt said. “At this point, we cannot say definitively one way or the other” if personal data was stolen.
The district sent letters to current students and staff and former employees whose addresses are known to inform them that some personal data may have been breached. A notice is also posted on the district website, corrysd.net.
Superintendent-to-be: Northwestern board names successor for John Hansen, who will retire in June
The website also lists consumer reporting agencies that students and staff can contact to protect their identities.
The district is working with local, state and federal law enforcement to try to determine who’s behind the attack and how it happened.
The FBI’s Erie office declined to comment on specific ransomware attack investigations, but the office’s new supervisory senior resident agent, Jason Crouse, said that, once local or state authorities receive a report of a ransomware attack, “it is not unusual for them to seek investigative assistance from the FBI.”
Crouse, again speaking generally, said solving ransomware attacks often takes time.
“Like any cybercrime,” Crouse said, “there is an expertise needed to address and trace these threats.”
The Corry Area School District is continuing to restore files lost in the cyberattack.
“We’re being very careful and meticulous in how we do it to make sure everything is secure,” Schmidt said. “We’re working with a cybersecurity expert to make sure as we move forward that everything we have here is secured in the best way it can be done.”
