Ransomware, Americas, Content, Vertical markets

Buffalo Schools Ransomware Attack: GreyCastle Security Assists Recovery

Related: How MSSPs and MSPs can stop ransomware attacks.

Buffalo Public Schools has suffered a ransomware attack, and the school district has hired GreyCastle Security to assist with the cyberattack investigation and recovery effort.

Buffalo Public Schools serves approximately 34,000 students in Buffalo, New York, the second largest city in the state. It is located in Erie County of western New York and operates nearly 70 facilities, Wikipedia says.

All classes -- remote and on-site -- were cancelled for March 15 and 16, 2021, so that the school district can stress-test various recovery steps and associated applications. Distance learning is scheduled to resume March 17, 2021.

Among those assisting the recovery effort: GreyCastle Security of Troy, New York. The cybersecurity consulting firm provides risk assessment, compliance, awareness, vulnerability assessment, penetration testing and incident response services to businesses throughout North America, the company says.

Buffalo Public Schools: Ransomware Attack Details, Recovery Efforts

Here's are details tracking the Buffalo Public Schools ransomware attack and recovery efforts, according to a letter from Superintendent Kriner Cash dated March 14, 2021:

  • Attack Day: The Buffalo Public Schools experienced a cybersecurity attack on March 12, 2021. The IT staff responded and began to bring systems offline as an urgent precautionary measure.
  • School District Recovery: The district is "making headway in restoring critical systems that support the primary function of teaching and learning. We have also prioritized the recovery of any affected business operation systems. The district will implement a longer term comprehensive initiative to enhance IT security and infrastructure going forward."
  • Classes Cancelled: Students will remain at home and will not receive in person or remote instruction on March 15. Instead, the district will use the day to "pressure test system restoration and access as well as communicate any new or required information for students to access virtual learning tools once instruction resumes." (Update: All in-person and remote classes were also cancelled March 16, but remote learning is scheduled to resume March 17 -- Ed.)
  • Personally Identifiable Information: The district is still investigating whether PII data was compromised as part of the attack.

According to The Buffalo News:

  • Ransomware: No demands have been made; however, the FBI has found out that ransom may be between $100,000 and 300,000 and could be negotiable.
  • Cybersecurity Consulting: The superintendent approved an emergency contract with GreyCastle Security to help in the investigation. The FBI is assisting.

Hackers, Malware and Ransomware Target School Districts

Multiple school districts across the United States have experienced cyberattacks in recent months. Examples include:

How MSPs Can Mitigate Ransomware Attack Risks: To safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.