Penn-Harris-Madison school district targeted in ransomware attack

The Penn-Harris-Madison (PHM) School Corporation is working to recover from a ransomware attack that disrupted its network and internet services. The district’s technology department discovered the breach early Monday morning, prompting an immediate response from school officials to contain the threat and secure critical systems.

As a precautionary measure, all network-connected desktop computers within the district were shut down. However, students and staff were still able to use Chromebooks, laptops, mobile devices, and internet-based applications, as these systems were deemed safe from the attack. While the district worked to isolate the breach, Wi-Fi and internet access remained limited to prevent further infiltration.

The school corporation confirmed that Google and Clever services were unaffected, but Canvas, a widely used learning management system, experienced disruptions. Officials stated that they expected issues with Canvas to be fully resolved by Tuesday, March 4.

This incident marks the second major cyberattack on PHM in recent years. In 2019, a malware attack impacted thousands of students, highlighting the district’s vulnerability to cyber threats. The latest ransomware attack has raised concerns over data security, though PHM has assured families that the student database does not store or retain social security numbers.

Cybersecurity experts are actively investigating the breach. Mike Chapple, an IT professor at Notre Dame and former computer scientist with the National Security Agency, explained that ransomware attacks typically occur when a user inadvertently clicks on a malicious link or attachment, granting attackers access to the system. Once inside, the malware encrypts stored data, effectively locking users out of their own systems.

“If you think about all the types of sensitive student information that they have, they might have names, dates of birth, and all of their grades. That’s all sensitive information that now potentially is in the hands of someone malicious,” Chapple warned.

He further emphasized that to fully recover, the affected systems would need to be wiped, rebuilt, and restored from clean backups. This process involves identifying the scope of the attack, ensuring all traces of malware are removed, and implementing stronger security measures to prevent future breaches.

Despite the attack, PHM officials remain confident that scheduled testing and assessments will proceed as planned. In a message sent to parents, PHM Director of Technology Matt Hapke reassured families that the district is working closely with cybersecurity specialists to assess the extent of the breach and implement necessary security measures.

The district has not disclosed whether any ransom demands have been made, nor has it provided a timeline for full system restoration. Parents and students have been advised to remain vigilant while officials continue their investigation into the source and impact of the attack.