All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth. In the Meadow, we have our school system. It isn’t huge, but it is just the right size for the community. We have all the amenities of the larger schools and cater to the students. This can be both a blessing and a source of problems. Any school can be a target, as the Bridgeport schools in CT have found.
Public schools abound throughout the nation. They are located locally and, in certain instances, even within the neighborhoods their students live in. The schools provide a vital service to the residents and the children in the community. The subject school is the Bridgeport School District, located in Bridgeport, CT.
The attack was much like so many others experienced not only in school districts but also across different industries. The school district was targeted in a ransomware campaign. The ransomware was allegedly delivered via a phishing attack. This is presumed, as phishing is the general attack vector; it was not, however, directly stated.
Although no data was exfiltrated, the ransomware was successful. The general operation is for the PCs and/or servers (preferably servers) to be encrypted, with the decryption key supplied (hopefully) after the fee is paid; alternatively, if the backups are viable and current, the victim restores from these. With this attack, a portion of the district’s data was indeed encrypted. The composition of the data was not detailed in the publications. The amount of the ransom was not listed either.
The school district’s superintendent stated no data was exfiltrated. The attackers were, however, able to access PowerSchool, which was used to store the students’ data. A few of the teachers noted that the encrypted data was primarily from their work efforts (e.g. lesson plans and teaching materials). The students’ work and the students’ and teachers’ personal data were not affected by this issue.
Once the school district detected the issue, staff worked through the weekend to fix it. The plan was to limit the damage to the data. Subsequently, all district employees were required to change their passwords. The employees were also directed not to bring their own equipment into the workplace. The school district was actively working with law enforcement.
This successful attack is an example of what to focus on with users for the health and cybersecurity of the organization. When a business or entity allows BYOD (bring your own device), it also allows any issues on the employee’s personal laptop or device into the network once that device is attached. The business is at the whim of the person’s level of cybersecurity hygiene, or lack thereof. Also, there should be substantial training on email and phishing, including what to look for and how to recognize suspicious requests.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
Lambeck, K.C. (2019, January 8). Bridgeport schools computer network falls victim to cyberattack. Retrieved from https://www.ctpost.com/local/article/Bridgeport-Schools-computer-network-hit-by-113515819.php
Lambeck, K.C. (2019, January 9). Connecticut school district hit with ransomware attack. Retrieved from http://www.govtech.com/security/Connecticut-School-District-Hit-with-Ransomware-Attack.html
Olenick, D. (2019, January 8). Bridgeport, Conn., schools hit with ransomware. Retrieved from https://www.scmagazine.com/home/security-news/bridgeport-conn-schools-hit-with-ransomware/
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.