When the Albuquerque Public Schools superintendent announced earlier this week that a cyberattack would result in the cancellation of classes for about 75,000 students, he noted that the district’s technology department has been fending off attacks “in the last few weeks.”
Albuquerque isn’t alone, as five school districts across the state have suffered major cyberattacks in the past two years, including one district that is still struggling with a cyberattack that happened just after Christmas.
But it’s the first report of a cyberattack requiring classes to be cancelled, all the more disruptive as schools try to keep personal learning going during the pandemic.
“If it seems like I’ve been coming to your house a lot over the past few years to share difficult news, you’re right. And here I am again,” Chief Inspector Scott Elder said in a video address on Thursday. “We face a new challenge.”
The closures, on Thursday and Friday, affect about one in five schoolchildren in New Mexico, in what is the nation’s 35th largest school district by enrollment, according to 2019 data from the National Center for Education Statistics. The district was one of the last in the state to reopen last year when vaccines became available.
The town of Truth or Consequences discovered a cyber attack on December 28 and still has no control over its computer systems.
“We’re not out of the woods yet,” said Mike Torres, director of information technology for the school system in Truth or Consequences, a small town in central New Mexico.
The attack has not been previously reported. It came when students were on vacation, allowing time to make contingency plans before the students returned. Torres says that while the attack “made computer systems unavailable,” the disruption was minimal.
That wasn’t the case in Albuquerque, where teachers found out Wednesday morning that they had been locked out of the student information database that tracks attendance, records emergency contacts for students and tracks which adults are allowed to pick up which students at the end of class. school day.
In 2019, Las Cruces Public Schools also suffered an attack on their student information database, after a phishing attack lured one or more employees months earlier to click on a malicious link in an email, Matt Dawkins recalls, that district’s director of information technology.
After lurking and exploring the neighborhood’s system, a hacker or hackers carried out a ransomware attack. Data on many school computers, starting with the student database, was locked in encryption. A ransom was demanded in exchange for the key.
“It’s like when your house is robbed, you know? That sense of being violated,” Dawkins said in an interview Thursday, as his school was shut down over an unrelated police call a mile away.
The school failed to pay the ransom and eventually found a way to return the data systems to the state they were in the day before the attack. But it took months of hands-on work and extra costs for temporary Wi-Fi hotspots and some new computers. Insurance covered much of the cost of the attack.
According to Patrick Sandoval, interim director of the New Mexico Public School Insurance Authority, which insures all New Mexico counties except Albuquerque, at least four other schools in New Mexico have been hit by costly cyberattacks in the past two years.
Goals in the US by 2021 included universities, hospitals and a major fuel pipeline. Data on the number of attacks and their costs are hard to track, but the FBI’s 2020 annual report on cyber-attacks states that about $4.1 billion (about Rs. 30498,465 crore) in damage was reported by institutions in that year. the whole country.
Dawkins added that if Albuquerque faces a ransomware situation, which has not been confirmed, it may face a more complex attack. Instead of taking information hostage, ransomware attacks now threaten to sell data to the highest bidder online. So the student data in Albuquerque might not just be locked up, Dawkins said, but risk being shared with identity thieves and other bad actors.
Albuquerque Public Schools didn’t say whether the cyberattack they’re facing is a ransomware attack, just that their student information database has been “compromised,” and that it’s working with law enforcement and contractors to mitigate the damage.
Whatever the cause, they face a similar problem to Las Cruces in the days following the attack.
The database used to track attendance and other students was out of order. It also realized that laptops had to be quarantined and taken out of service, forcing teachers to work offline.
“Immediately our education department was running with pen and paper, you know, kind of old-fashioned kind of education, so our print shop was printing materials. Teachers were able to adapt very quickly,” says Dawkins.
Albuquerque public school officials did not elaborate on the decision to close schools and did not respond Thursday to requests why a paper-based system was not possible.
The decision to continue classes in Las Cruces had a price. Dawkins said it probably took longer to wipe and reset the school’s thousands of computers while teachers and administrators worked normal hours and had to live weeks and weeks without technology.
In January 2020, the district’s computers were running again and on time – the pandemic forced teachers and students into distance learning just a few months later.
Check out the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2022 hub.