Buffalo Public Schools has suffered a ransomware attack, and the school district has hired GreyCastle Security to assist with the cyberattack investigation and recovery effort.
Buffalo Public Schools serves approximately 34,000 students in Buffalo, New York, the second largest city in the state. It is located in Erie County of western New York and operates nearly 70 facilities, Wikipedia says.
All classes -- remote and on-site -- were cancelled for March 15 and 16, 2021, so that the school district can stress-test various recovery steps and associated applications. Distance learning is scheduled to resume March 17, 2021.
Among those assisting the recovery effort: GreyCastle Security of Troy, New York. The cybersecurity consulting firm provides risk assessment, compliance, awareness, vulnerability assessment, penetration testing and incident response services to businesses throughout North America, the company says.
Buffalo Public Schools: Ransomware Attack Details, Recovery Efforts
Here's are details tracking the Buffalo Public Schools ransomware attack and recovery efforts, according to a letter from Superintendent Kriner Cash dated March 14, 2021:
Attack Day: The Buffalo Public Schools experienced a cybersecurity attack on March 12, 2021. The IT staff responded and began to bring systems offline as an urgent precautionary measure.
School District Recovery: The district is "making headway in restoring critical systems that support the primary function of teaching and learning. We have also prioritized the recovery of any affected business operation systems. The district will implement a longer term comprehensive initiative to enhance IT security and infrastructure going forward."
Classes Cancelled: Students will remain at home and will not receive in person or remote instruction on March 15. Instead, the district will use the day to "pressure test system restoration and access as well as communicate any new or required information for students to access virtual learning tools once instruction resumes." (Update: All in-person and remote classes were also cancelled March 16, but remote learning is scheduled to resume March 17 -- Ed.)
Personally Identifiable Information: The district is still investigating whether PII data was compromised as part of the attack.
Ransomware: No demands have been made; however, the FBI has found out that ransom may be between $100,000 and 300,000 and could be negotiable.
Cybersecurity Consulting: The superintendent approved an emergency contract with GreyCastle Security to help in the investigation. The FBI is assisting.
Hackers, Malware and Ransomware Target School Districts
Multiple school districts across the United States have experienced cyberattacks in recent months. Examples include:
Huntsville City School of Alabama: The school advised students not to use laptops and other school-issued devices after a cyberattack in November 2020.
Baltimore County Public Schools (BCPS): Hackers leveraged malware to attack BCPS, and the cyberattack forced BCPS to close on November 30 and December 1.
Clark County School District (CCSD): Cybercriminals used ransomware to trigger a data breach involving Social Security numbers, student information and other private information from CCSD in Las Vegas, Nevada.
Athens Independent School District (ISD): Athens ISD in Athens, Texas paid $50,000 to restore school district data after a ransomware attack against its servers.
How MSPs Can Mitigate Ransomware Attack Risks: To safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.
Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.
The faulty CrowdStrike Falcon update resulting in the widespread global IT outage that disrupted nearly 8.5 million Windows systems last week had been missed due to a vulnerability in the firm's Content Validator tool.
AT&T Mobility's widespread network outage in February that disrupted 125 million devices stemmed from a network misconfiguration by an employee and also from inadequate best practices adherence, according to the US FCC.
Organizations have been warned by CrowdStrike about the proliferation of a phony recovery manual that has been used to spread the novel Daolpu information-stealing malware.
