U.S. school district forced to shut schools following a significant ransomware attack

Highline Public Schools, a Washington-based public school district, said that it experienced a major ransomware attack in early September that forced it to shut down all schools and cancel school activities.

 

Last month, Highline Public Schools said that it detected unauthorised activity in its internal network and immediately took steps to isolate the affected systems. The school district also launched an investigation, with assistance from external cyber security experts to determine the nature and scope of the incident.

 

Highline notified relevant law enforcement authorities about the incident and said it is working with them to resolve it at the earliest.

 

In a separate statement, the school district said that it decided to keep the schools closed on September 10 as well and cancelled all school activities, athletics and meetings. District authorities added that an investigation into the ransomware incident is still ongoing as critical systems are still offline.

 

Recently, Highline said its investigation revealed that it suffered a ransomware attack on September 7 which forced the school district to take its systems offline and cancel classes and school activities.

 

“We notified the FBI of this activity, and we are working to support their investigation. Due to the nature of the investigation, we cannot comment on any potential law enforcement investigation at this time,” reads the update.

 

The school district added that its IT team is rebuilding the impacted network and from October 14, all staff and students will have to update their network passwords.

 

“We will re-image all district-provided Windows devices. We expect to restore access to several of our network tools during the week of October 14. We are prioritising access to tools that are authenticated through ClassLink,” the district added.

 

The school district is presently in the process of identifying the scope of the incident but has not shared details about the source of the ransomware attack or how much ransom was demanded in exchange for a decryption key.