Buffalo, N.Y., schools resume classes after ransomware attack

School officials said the 34,000-student district will develop a "road map" to hardening IT infrastructure and improving employee cybersecurity training.
empty classroom
(Miguel Pereira / Getty Images)

Public schools in Buffalo, New York, returned to virtual learning on Wednesday for the first time since an apparent ransomware incident late last week disrupted classes.

Superintendent Kriner Cash told the local school board Wednesday evening that the district is continuing to recover from the incident, which is being investigated by the FBI and the cybersecurity firm GreyCastle.

During his presentation Wednesday evening, Cash said both “wired and wireless activity” has been restored in the district’s schools, which serve about 34,000 students. But the incident has interrupted Buffalo Public Schools’ reopening plans: In addition to pushing 6,000 special education, high-school and elementary students in kindergarten through second grade who had returned to physical classrooms back to online learning, the cyberattack also delayed plans to bring another 5,000 students back to campuses this week, the Buffalo News reported.

“Mayhem, I’m calling it,” Buffalo School Board President Sharon Belton-Cottman said, an apparent reference to a series of insurance commercials.


While nearly all applications related to educational functions have been restored, officials are still sorting through IT functions related to the district’s operations, Maya Burden, the district’s chief technology officer, told school board members.

“We will develop a plan for application recovery and remediation and testing,” she said.

Burden said the full recovery will also be accompanied by the development of a “road map” to harden schools’ IT infrastructure and improve its access controls. She also said the district will add cybersecurity awareness training for employees. The district also purchased endpoint detection software from Carbon Black, the Buffalo News reported.

The type of ransomware that infected Buffalo Public Schools has not been identified, nor is it known if any district data was exfiltrated for the actors behind the attack to threaten the district with publication, a tactic known as double extortion.

But the incident does add the Western New York city to the map of places where malicious actors have disrupted students and teachers, a grouping that also includes school systems in Hartford, Connecticut; Baltimore County, Maryland; and Clark County, Nevada. At one point last year, attacks against K-12 organizations accounted for more than half of all ransomware incidents involving public-sector entities, according to the Cybersecurity and Infrastructure Security Agency.


A report from the K-12 Cybersecurity Resource Center last week found that while there were fewer overall acknowledged ransomware attacks against schools last year compared to 2019, the incidents became more aggressive, with more hackers using the double-extortion tactic.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed is the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He has written extensively about ransomware, election security, and the federal government's role in assisting states, localities and higher education institutions with information security.

Latest Podcasts