NEWHALL, Calif. – The Newhall School District is putting distance learning on hold after a ransomware attack.
A ransomware attack is a malicious software that infects your computer and displays messages demanding a ransom be paid in order to access the system again.
Jeff Pelzel, the Newhall District Superintendent, said the district found out about the attack on Monday, and alerted staff and students to log off and stay off of the district’s technology until further notice.
“This journey will take longer than a week. There’s a lot of things that will have to be fixed on the back end. When we shared the screenshots of the messages, the cyberware firm [the district is working with] knew right away that it’s probably this group of people and they’re attacking small businesses and smaller public organizations, governmental agencies,” he said.
Pelzel said the cyberware firm told them it’s possible the hackers spent two to six weeks in their system before unveiling the Bitcoin ransomware, and it appears the attack “came through the back end of a firewall.”
“It’s never an ideal time to go through this. It’s just very unfortunate in a pandemic that this situation would happen to our families. We appreciate their patience with us. We’re doing our best. We’re hoping to resolve this situation as quickly as possible and we’ll always be transparent,” said Pelzel.
Dr. Clifford Neuman, the Director of USC Center for Computer System Security, said it takes time and money to fix the system following an attack.
“There are still significant costs in terms of IT personnel that need to put the system back together, that need to put the files back online. Even if they do go ahead and pay the ransom, there’s still a lot of support that’s needed to decrypt the files and put the system back in place. If they don’t pay the ransom, they need to recover from backups, roll back forward and try to get recent changes on their system, and both are time consuming,” said Neuman.
Neuman said the attack can potentially pose a threat to people’s home computers.
“With online learning, students are more likely to accept instructions to run a piece of software [if it says] you need to use this for your class and running that kind of software that is from a site that’s been infected is precisely how ransomware gets installed on your own system,” he said.
Pelzel said the district has 6,000 students and has given out 4,000 laptops.
“We do have a lot of devices out there. It’s a different world. Had they all been sitting on campus, it probably wouldn’t be a bigger issue,” he said.
However, the district sent a note to parents saying “although we have no reason to believe there has been any theft of sensitive data, as our investigation continues we will update our community about whether any student information may have been accessed. Additionally, there have been no reports of any issues with personal devices having accessed NSD student Google accounts and the forensic experts shared they have not seen issues with remote personal devices in prior ransomware incidents.”
It’s another adjustment for parents and students who have already adapted to distance learning, and are now being given pen and paper assignments via email.
Bobby Bailey, a 10-year-old fifth grade student at Meadows Elementary School within the district, described the work he was assigned.
“We had to read independently for like 30 minutes. We also had to write two to three paragraphs comparing distance learning to learning in our classroom and we had to make a math problem and then solve it and we had to do social studies and keep moving too,” he said.
Bobby said he had grown accustomed to distance learning before the ransomware attack.
“First, I was used to school and going into school and stuff then with the distance learning eventually I got used to that and now with no computers or anything, it’s just so much different stuff going on,” he said.
His mother, Shelly Bailey, said it is difficult to make sure Bobby is completing his assignments without a teacher guiding the process.
“Trying to force him [Bobby] to do something that was mandatory, there’s no accountability so that was a bit of a struggle this morning,” she said.
However, Shelly said she is thankful the district is being transparent and giving constant updates on the status of the system.
The lesson plans for students are accessible through Blackboard, which was not affected by the attack. Pelzel said so far, the attack is infecting older computers, and not the Chromebooks, but the situation is being monitored.