Ransomware used HVAC to infect Michigan K-12 district

(Kyo Azuma / Unsplash)

Share

A recent ransomware infection at Richmond Community Schools in Michigan caused administrators to extend winter break through the week as district personnel work to remedy the issue and bring all services back online.

The malware was discovered Dec. 27 while IT staff conducted routine computer updates, district Superintendent Brian Walmsley told EdScoop, and was found to have entered systems through a network connection with the district’s heating and cooling service provider.

All systems were immediately shut down and the district’s backup server was disconnected to contain the virus, said Walmsley.

“We spent the weekend just trying to figure out what happened, what do we have, what we don’t, and that’s where we started putting a plan together,” he said.

Several of the district’s critical systems, including heating, telephones, copiers and classroom technology have lost function as a result of the incident. Student and staff information — which is stored outside of the district’s servers — does not appear to be compromised, Walmsley said. 

Expected to return to class from winter break on Thursday, students were instead told to stay home through Friday as the district’s IT staff works to bring systems back online.

“I want to make sure that if we have kids and staff in the building, if something were to go wrong we would have access to a phone to call 911 … and all the safety measures are there,” Walmsley said.

Other systems like classroom computers, interactive projectors and heating and cooling are also expected to be functional by Monday, he said, but teachers will likely have to wait a little longer to regain access to files from their personal drives. 

Those responsible for the attack requested about $10,000 in bitcoin, Walmsley said, which he said they will not pay.

IT staff made a copy of the district’s backup server, which took three days to duplicate, he said, and is now restoring systems one-by-one to ensure the virus does not re-enter the network and corrupt further systems. 

To prevent similar incidents in the future, Walmsley said the district will change some of its security protocols.

“We’re going to require password changes more often, the security level of what that password code, with characters and uppercase and lowercase, is going to be increased,” he said. 

Network connections between the district and its third party service providers will also be examined and updated to increase the security of access points.

“The key thing is our student data, our student information was not compromised and neither was staff data,” said Walmsley.

This latest attack in Michigan is just one in a string of recent ransomware attacks against public institutions and continues the K-12 ransomware trend into 2020. According to StateScoop’s ransomware data, 23 school districts have been hit by ransomware since August.

This story was updated with additional information on Jan. 3, 2020.

TwitterFacebookLinkedInRedditGmail