Thanksgiving Ransomware Attack Hits Baltimore County

(TNS) — The day before Thanksgiving, the Baltimore County Public Schools system was shut down by a ransomware attack that hit all its network systems.

The cyberattack brought classes to a halt for the 115,000 students attending classes entirely online due to the coronavirus pandemic.

School officials have described it as a “catastrophic attack on our technology system.”

Here’s what you need to know:

How long are schools closed for?

Schools will be closed for students Monday and Tuesday but offices will be open.

“This provides much-needed time for our staff to continue working to set up the instructional platform and to communicate next steps regarding devices,” the school system said on Facebook and Twitter.

What actually happened?

Officials have been pretty tight-lipped about what happened, saying the investigation is ongoing and that they were working closely with state and federal law enforcement and the Maryland Emergency Management Agency to investigate.

The county police also have been in contact with the FBI Baltimore field office. Baltimore County Police Chief  Melissa Hyatt  declined to provide any specifics of the criminal probe.

“We are in the preliminary steps of that investigation,” Hyatt said.

It’s unclear when the attack started, but the school board meeting video stream abruptly cut out late Tuesday. And according to social media accounts, school system teachers began noticing problems about 11:30 p.m. as they were entering grades.

What is a ransomware attack?

It’s an attack that typically blocks access to a computer system or files until money is paid.

Authorities and local officials have not indicated whether or not they have had direct or indirect contact with the hackers.

What kind of ransomware attack was it?

Some teachers said on social media that their files have a .ryuk extension on them. Ryuk is a type of ransomware that has been used against hospitals, local governments and others. The school system and county police did not provide any details on the nature of the ransomware attack.

Officials have not said whether it is a Ryuk attack or not.

Is school going to resume Wednesday?

It’s unclear.

Superintendent  Darryl L. Williams  said he has no timeline for when school will resume. School officials said the network issue has affected the district’s website, email system and grading system. Until the problem is resolved, students will have no school.

Was the school system vulnerable to an attack like this?

A state audit released a day before the attack found “significant risks” within the system’s computer network.

The network was not adequately secured, and sensitive personal information was not properly safeguarded, among other problems, the Office of Legislative Audits found.

It’s unclear what role the weaknesses described in the audit may have played in the ransomware incident as officials have declined to discuss specifics.

Was any personal student data released or compromised during the attack?

It’s unclear. School officials haven’t released any specifics about what information, if any, the attack was able to take hold of.

Are attacks like this common in school districts?

Cyberattackers have recently hit numerous school districts around the country. In October, Fairfax County, Virginia, was a target. In that case, the attackers stole personal data and published it on the web, but did not interrupt the online classes, according to a report in The Washington Post.

Can’t the school system just pay the ransom so classes can resume?

It’s not that simple.

Cybersecurity experts like  Avi Rubin  said once an attack is made public, it’s unlikely the school system would pay.

The technical director of the Johns Hopkins University Information Security Institute and a computer science professor said it would only incentivize the “bad guys” and provide more funds for them to continue their attacks elsewhere.

(c)2020 The Baltimore Sun. Distributed by Tribune Content Agency, LLC.