BUFFALO, N.Y. (WIVB) — UPDATE: The district says it’s working with technology industry experts and law authorities to resolve yesterday’s ransomware attack.
“We continue to work to protect our information systems and will update you periodically as progress is made toward Monday’s school day,” Buffalo Public Schools tweeted.
ORIGINAL: The Buffalo Public Schools say they experienced a “ransomware event” Friday morning and are being assisted by the FBI to resolve the issue.
The district says no demands have been made at this point, though the FBI has advised that the ransom could range from $100,000 to $300,000 if and when a request is made.
As a result of the attack, remote learning was canceled Friday for BPS students.
The BPS IT department said it reached out to experts in the field who have experienced similar events for guidance. The district has confirmed the FBI is “engaged and assisting.”
Currently, the district's IT team is working to recover “critical systems” for teaching and learning. Preserving critical data, minimizing “reinfection” and supporting the criminal investigation into this event are the top priorities, according to BPS officials.
BPS Superintendent Dr. Kriner Cash said if the problem cannot be resolved over the weekend, he will have to cancel school on Monday.
“If we can’t solve this during the weekend, then I will have to call school off for Monday, and for the near future if need be. We’re anticipating that we don’t have to do that. But I will be making that call sometime over the weekend.”
Dr. Kriner Cash, Superintendent, Buffalo Public Schools
Officials hope to determine the full scope of the issue over the next few days.
The district provided an outline of the next steps it will follow:
Technical Next Steps for Recovery
-Office365, Teams, Infinite Campus, Munis, Schoology, Versatran, Blackboard, Clever, ATK2 (phone system) are identified critical systems for recovery.
-Validate the status of Office365.
-Validate the status of Tyler Munis (backup) and whether it can be restored in a cloud environment.
-Validate the status of Infinite Campus.
-Validate the status of Azure AD and whether it can be the primary source for authentication.
-Create a clean segmented network and restore to Cloud if possible.
-Restore authentication services.
Cyber Investigation Next Steps
-Superintendent approved an emergency contract with Grey Castle for cyber security investigation.
-The district’s Chief Financial Officer, General Counsel, and Director of Purchase were notified and agreed to the execution of the emergency agreement.
-Work with Grey Castle to collect initial investigative information.
-Install Carbon Black on all servers and endpoints.