LCSB takes on security contracts
Published 5:30 pm Thursday, November 7, 2019
After a ransomware attack crippled Lincoln County School District computer systems Monday, the Board of Trustees voted to approve two new contracts with cybersecurity companies in a special-called board meeting Thursday.
“(The attack) shut down our system and (the IT Department has) put an enormous amount of time in this,” Superintendent Mickey Myers said. “It’s necessary to cary on. In this case, they’ve done a very effective job of getting our phone system and wifi back up at the campuses.”
The district’s Information Technology Department will work with CrowdStrike to implement measures to prevent further attacks and mitigate the current one. Codeware will act as a liaison, negotiating with the hackers who brought the system down and ultimately paying the ransom if the board decides that it is necessary to do so.
The ransomware attack used encryption — a technology meant to protect data and communications — against the district. Important files on the infected computers are scrambled to be unreadable. The idea of electronic encryption is similar to the caesar cipher most people learned in school, but far more sophisticated. Without a key, it is practically impossible to decrypt the files.
A group of hackers then emailed the district demanding a ransom for the decryption key. The attackers demand payment in the form of cryptocurrency, an electronic alternative to traditional money that can be difficult or impossible to trace.
When District 4 Trustee Diane Gill asked when teachers will be able to access their desktop again, IT Director Kenneth Wallace said that the district is still assessing the extent of the attack, and at least some teacher’s desktops are infected.
“So if you’ve got a jump drive of a teacher, and she’s got something that she knows she’s going to need for December, don’t take that out and take that home,” Gill said.
“No,” Wallace confirmed. “If her jump drive was in the computer and her computer’s infected, the jump drive is infected. It’s infected and basically you’re going to hit that with a hammer and you’re going to throw it in the garbage. You can’t take it anywhere… Decryption is the only option that will get those files back.”
Wallace said that if teachers backed up their files on OneDrive, a backup service built into Windows 10, then there should be a safe copy. But, while the IT department has stressed the importance of backing up files, not all teachers have done so.
“That’s just a hard habit to get into — to remember to do that,” he said.
According to Wallace, CrowdStrike is experienced in dealing with the malware affecting the district.
“They’ve worked on it several times,” he said. “They’ve dealt with 150 cases last month. Not all this virus, but related viruses. They are a professional company that handles this.”
Wallace said that the IT department has been able to bring up some basic services like wifi and the phone systems, but getting systems completely back online will take a minimum of three weeks, if the board decides to go the route of completely rebuilding everything from scratch.
CrowdStrike will do forensics on the district’s network to determine how the attack happened and how far it has spread through the network.
“If there are any holes or patches that need to be made to stop this in the future or stop another attacker from using those same things, they will help us through that,” Wallace said.
Wallace said that CrowdStrike’s products offer real-time protection of the district’s network. District 1 Trustee Justin Laird said in the meeting that he did some research on CrowdStrike’s Falcon software prior to the meeting.
“It’s very advanced and forward leaning and very proactive instead of reactive,” he said. “A lot of software out there right now is reactive, meaning by the time you need it, it’s too late.”
According to Business Manager Sam Stewart, ransomware attacks should be covered by insurance. Myers said that the board voted to approve cyber attack coverage in the spring.
“The board… were very proactive,” Myers said. “Dennis Valentine (with Insurance and Risk Managers) made the recommendation that we consider taking on cyber attack insurance. I’m thankful now. I appreciate the board being proactive in that respect.”
Stewart also said that the district doesn’t believe that the attackers would have been able to steal anyone’s financial information — that information is stored on external servers — but it might still be good practice for staff to have their routing information changed.
The district has not disclosed how much the contracts will cost, nor how much ransom has been demanded.