澳门跑狗论坛

Special Report
School & District Management Q&A

How to Respond to a Ransomware Attack: Lessons Learned

By Alyson Klein 鈥 March 17, 2020 4 min read
BRIC ARCHIVE
  • Save to favorites
  • Print
Email Copy URL

The Flagstaff Unified school district, back in September, became one of more than 300 to suffer a ransomware attack that forced officials to close schools for two days and work around the clock to get everything back up and running.

澳门跑狗论坛 chatted with Zachery Fountain, the Arizona district鈥檚 director of communications, and Mary Knight, its director of technology, about what Flagstaff learned from the experience. This interview has been edited for length and clarity.

What exactly happened?

Zachery Fountain

Fountain: We had a staff member who noticed something weird happening in terms of one of their processes, and they did the right thing and alerted IT. And IT promptly took action and was able to figure out that we had a case of ransomware that was a pretty nasty bug. We ended up going through the processes, evaluating what systems were impacted, what weren鈥檛 impacted, and at the same time evaluating what systems did we need for school.

Mary Knight

As part of our containment strategy, we needed to sever internet connections. It wasn鈥檛 that we were locked out of all of our systems. It was that we made the decision to sever the internet and isolate the issue. We ended up canceling school for the next day [a Thursday] and then also on Friday to ensure that we were able to get everything up and clean.

[After] really a Herculean effort by our team here and also community organizations, we were able to get up and running for that following Monday. We were down for about four days, including two days on the weekend. But we were able to bounce back.

Knight: The most important thing is to have your backups in place. We were presented with email addresses for the ransomware but we did not contact them. We were fortunate that we had backups in place that allowed us to restore our systems.

What would you recommend to other districts to avoid paying a ransom?

Fountain: The big thing is having your team and your plans in place and prepare for not [just] an IT issue. It鈥檚 a school system issue and how are people going to react? What does this look like in terms of instruction in the classroom if teachers can鈥檛 get the data? What does it mean in terms of communication with stakeholders? There are going to be a lot of questions about general security. You just have to have all those things planned and know what your map is for your systems.

Knight: Have the resources that are required to help navigate through a situation like that. Most school districts don鈥檛 have a cybersecurity expert on staff. You want to have [those relationships] in place, not be looking for someone when these events happen.

(The district is part of Arizona鈥檚 鈥渞isk and retention鈥 trust and had participated in its webinars and created an incident-response plan, she said.) 鈥淲hen we were working through this, we contacted the trust [a nonprofit corporation that provides the state鈥檚 school districts and community colleges with property and liability coverage] immediately.鈥

How did communications work?

Fountain: My biggest worry as communications director was that I didn鈥檛 want to say something that would invite a secondary attack. We wanted to be very clear that we were dealing with a cyber issue that was ransomware. It wasn鈥檛 a breach, so information wasn鈥檛 taken off our server.

I did 37 interviews in 12 hours or something like that, with local media, national media, and international media. We really worked to make sure that our internal stakeholders had that information before we did things that were public. We want them to have a solid base of information before we send it out to everybody.

How else can districts get ready for an attack?

Knight: Prepare an incident-response plan and know who your incident-command team will be. Having those roles defined prior to an incident is critical. Backing up to cloud environments is also critical as well. It鈥檚 important for schools to do an after-action review. You prepare, you have your response, and then you have your recovery and remediation.

As part of that recovery and remediation, you want to do an after-action review so you can process what occurred. This is a daily threat for everybody. It鈥檚 something that has to remain on your radar constantly. You need to stay up to date on what鈥檚 out there and learn from others. It鈥檚 not something you can just create and put away and not worry about it.

You鈥檙e constantly making those modifications so you can be as prepared as possible.

How long did it take for teachers to get back into instruction after being out for two days?

Knight: They were back at it Monday morning. Their laptops were all picked up, [and temporarily confiscated] and they got back to business. In our user agreement [for staff], it says we are not responsible for your data, that you need to be backing up your data. But for some people who hadn鈥檛 backed up their personal data to the district network or a cloud-based option, they didn鈥檛 have access to their data. For some, that didn鈥檛 mean much, but for others, if it was 20 years of lesson plans, that was a little tough for those folks.

We all have to be very intentional about where we are saving our data to.

Any last pieces of advice?

Fountain: Celebrate the achievements along the way. The days are long. You鈥檝e gotta be taking care of your staff.

Events

Artificial Intelligence K-12 Essentials Forum Big AI Questions for Schools. How They Should Respond鈥
Join this free virtual event to unpack some of the big questions around the use of AI in K-12 education.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
School & District Management Webinar
Harnessing AI to Address Chronic Absenteeism in Schools
Learn how AI can help your district improve student attendance and boost academic outcomes.
Content provided by 
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Science Webinar
Spark Minds, Reignite Students & Teachers: STEM鈥檚 Role in Supporting Presence and Engagement
Is your district struggling with chronic absenteeism? Discover how STEM can reignite students' and teachers' passion for learning.
Content provided by 

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide 鈥 elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

School & District Management Local Education News You May Have Missed in 2024 (and Why It Matters)
A recap of four important stories and what they may signal for your school or district.
7 min read
Photograph of a stack of newspapers. One reads "Three schools were closed and..."
iStock/Getty
School & District Management Principals Polled: Where School Leaders Stand on 10 Big Issues
A look at how principals responded to questions on Halloween costumes, snow days, teacher morale, and more.
4 min read
Illustration of speech/thought bubbles.
DigitalVision Vectors
School & District Management Opinion You鈥檙e the Principal, and Your Teachers Hate a New District Policy. What Now?
This school leader committed to being a bridge between his district and school staff this year. Here鈥檚 what he learned.
Ian Knox
4 min read
A district liaison bridging the gap between 2 sides.
Vanessa Solis/澳门跑狗论坛 via Canva
School & District Management The 4 District Leaders Who Could Be the Next Superintendent of the Year
Four district leaders are finalists for the national honor. They've emphasized CTE, student safety, financial sustainability, and more.
4 min read
Clockwise from upper left: Sharon Desmoulin-Kherat, superintendent of the Peoria Public School District 150; Walter Gonsoulin, superintendent of Jefferson County Schools; Debbie Jones, superintendent of the Bentonville School District; David Moore, superintendent of the School District of Indian River County.
Clockwise from upper left: Sharon Desmoulin-Kherat, superintendent of the Peoria school district in Illinois; Walter Gonsoulin, superintendent of Jefferson County schools in Alabama; Debbie Jones, superintendent of the Bentonville, Ark., school district; and David Moore, superintendent in Indian River County, Fla. The four have been named finalists for national Superintendent of the Year. AASA will announce the winner in March 2025.
Courtesy of AASA, the School Superintendent's Association