A serious incident has compromised the computer systems of a US school district. According to digital forensics specialists, a ransomware attack has infected about 30,000 computers belonging to the Las Cruces school district, New Mexico, US. The incident caused servers and Internet devices to shut down throughout the district.
During a press conference, Superintendent Karen Trujillo revealed that the malware managed to compromise these computers during the early hours of October 29; hours later, district IT staff were instructed to shut down operations on all servers and disconnect compromised computers from the Internet.
As you may remember, ransomware is malicious software created to block access to a device and its stored files. To regain this access, victims must pay a ransom to the threat actors. According to digital forensics experts, the most common methods of ransomware infection are malicious emails and malware-laden web pages.
When questioned about the incident recovery process, the district’s IT director, Matt Dawkins, stated that Las Cruces is collaborating with external cybersecurity firms to implement a recovery plan that has proven successful in other ransomware attacks. At the conclusion of the first investigations into the attack, Dawkins mentioned that about 30,000 devices should be “cleaned”; this process includes formatting hard drives and reinstalling operating systems and complementary software.
A subsequent release from the district’s digital forensics team also mentioned that the entire IT infrastructure of Las Cruces will be subject to security audits and hardware upgrades to complete the recovery process and bring systems back online.
Regarding how long the recovery process will take, the district authorities decided not to make an estimate: “Certain setbacks may appear, we must stop and address all possible failures that arise; it’s hard to say how long it’s going to take,”
As with recovery time, details about potential costs are unknown, although Superintendent Trujillo mentioned that a significant portion of these expenses will be covered by a federal fund reserved for such incidents.
Although most of the district’s computers were impacted, the authorities mentioned that two teams were enabled to access information systems securely, so the closure of activities was not complete, and academic staff in all schools in the district are working in an “almost normal” manner. School staff have also resorted to doing some paperwork and processes by hand.
International Institute of Cyber Security (IICS) digital forensics specialists mention that school districts, like other public organizations, have become one of the new targets for cyberattacks. The main recommendation for any organization is to establish awareness programs to prevent infections by ransomware and any other type of malicious program. The costs of prevention are far lower than the costs of recovering from any