
Some Corry Area School District servers were rendered useless after the school district's network was attacked by ransomware over the weekend.

All schools in the district were operating on a two-hour delay for students today to give teachers additional time to plan lessons without the use of technology as the ongoing fallout from the attack continues to impact internal operations of the district.

Bill West, Corry Area School District's director of secondary education, stated in an automated phone call to district stakeholders on Sunday evening that the network was attacked Saturday.

"The first thing we did was made sure the attack was mitigated," CASD Technology Director Andrew Schmidt told The Corry Journal this morning. "We made sure that personal information, student information and faculty information was not accessed as that is not housed here. It is housed off site with third-party vendors, so we assured that was safe."

Ransomware is a form of malware designed to encrypt files on a device or network, rendering any files and the systems that rely on them unusable. Malicious actors then demand a ransom in exchange for decryption, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) website.

The attacker did not communicate how much was being sought from the school district, which did not pay anything in response to the ransomware, according to Schmidt.

"No, we didn't even engage with the actors," he said. "We did not communicate with them."

When asked how this happened, Schmidt responded, "We're still investigating."

The main third-party vendors that host student, staff and personal information off site are Sapphire and CSIU, which is the district's accounting system. The district's accounting system was not affected.

"It's a web-based program so it's not stored here," CASD Business Manager Brenda Clabbatz said.

Three members of CASD's information technology staff spent Sunday working on restoring the servers and access; however, they were not completely successful, West said in the phone call.

"The district IT staff, along with local police and an outside agency, investigated the issue and concluded that the data is not restorable from the servers," he said. "We also verified that student and staff personal information was not compromised."

West stated a team of tech workers was scheduled to come to the district this morning to help rebuild the servers and network.

"This means that there will be no computer or network access available until further notice," West said. "This includes access to services like Google and Sapphire. We do not have an ETA on when access will be restored."

The attack took down multiple servers at all three buildings — Corry Area Middle-High School, Corry Area Intermediate School and Corry Area Primary School.

"It knocked out some servers. We're working on restoration," Schmidt said. "That's what we're working on today — to rebuild the servers that were affected."

CASD has backups of the data that was on the servers and will be able to restore it once the servers are rebuilt.

"While we work on getting everything back up and running, we will need to implement lessons and assignments without the assistance of using our normal technologies such as desktop computers, smart boards or Chromebooks," West said in the call.

The district notified law enforcement of the attack.

"One of our initial calls was to the Corry police. They were on site and helped with the initial investigation," Schmidt said.

Corry City Police Chief Michael Cherry said the department is working on a news release regarding the situation but it was not completed as of press time today.

With ransomware attacks on the rise in recent years, The Journal asked if the school district had taken preventative measures to stop something like this from happening.

"Yes we have, but things can happen," Schmidt responded.

CASD is currently trying to determine how the attacker was able to get around the safeguards it had put in place.

Schmidt said they do not know how much this will cost the school district.

Corry students who are out of school for Covid-related situations will not be able to connect to their class until service is restored, but it will not count as an absence.

"We have asked parents to send in an excuse, and the excuse reason would be lack of internet connectivity and their absence will be excused," Superintendent Sheri Yetzer told The Journal.

Yetzer said parents and guardians can send a hard copy of the excuse with their child when they return to school. The excuse can also be submitted via fax to the district at 814-664-9645.

Excuses may also be emailed, but Yetzer stated the district's email is "hit and miss" right now.

"We're well aware that they may not be able to send it to us electronically and we will work with the families that encounter that situation," she said.

West stated at the end of the call that the district will keep everyone updated and informed as they know more.

In August of 2019, The Corry Journal reported that Rich Shopene, who was the city police chief at the time, informed members of Corry City Council at a planning session of an email he received from the FBI detailing the rising threat of ransomware attacks against school districts and municipalities.

CISA has seen an increase in malicious activity with ransomware attacks against K-12 educational institutions. Malicious cyber actors are targeting school computer systems, slowing access, and rendering the systems inaccessible to basic functions, including remote learning, according to CISA's website.

For more information about ransomware and ways to avert attacks, visit www.cisa.gov/stopransomware.
