Ransomware disrupts standardized testing in Idaho school district

Computer systems used by a school district in Madison County, Idaho, were disabled by a ransomware attack on Tuesday, just as teachers and students were preparing for standardized state testing.

Administrators detected the attack quickly and shut down all servers and computers, said Chester Bradshaw, superintendent of Sugar-Salem Joint School District #322, according to EastIdahoNews.

Bradshaw said no information was lost or compromised but the internet connection required to conduct the Idaho Standards Achievement Test, or ISAT, was unavailable and testing has been postponed.

Ransomware often finds its way onto a network after a user clicks on a link in a phishing email and hands over credentials. If ransomware is detected early enough, administrators can sometimes purge the malware before it has a chance to propagate to the center of the network and encrypt the victim’s files.

Ransomware attacks have hit a handful of other educational institutions in recent months, inlcuding a K-12 district in Connecticut in January and a district in Key West, Florida, last September.

The Sugar-Salem outage also blocked access to the district’s learning management system.

“A huge number of our classes at the high school are on Canvas,” Bradshaw told EastIdahoNews. “Even if a kid wants to go on their parent’s computer, they’re still not able to access it because the login requires them to authenticate it on our servers.”

The district has not disclosed the type of ransomware used, how much money was requested or whether the district intends to pay up.

Bradshaw said he is now working with an IT security company based in Washington state and hopes to have the school’s systems operational by Monday.