Ransomware Attack Causes School 'District-Wide Shutdown'

A ransomware attack hitting Las Cruces Public Schools forced the district to shut down the entire computer system to contain the infection.

Exchanging information with schools is impaired as email and other forms of computer-based communication is no longer possible at this moment.

Swift action does not save the day

The district activated the crisis response team and is working to restore critical services. It is unclear at this point how long the systems will be down.

The IT department discovered early Tuesday morning (7 a.m.) that some servers were compromised and reacted quickly by shutting down the entire computer network of the district.

Communication with schools in the district is done via phones and handheld radio stations.

Although the incident is serious, schools remained open and their activity follows the normal schedule, classes not being disrupted.

"At this time we do not believe staff or student data has been breached or compromised," district officials said in a statement for Las Cruces Sun News.

The same local news outlet reports that the New Mexico State University alerted its staff not to open any emails coming from Las Cruces Public Schools (LCPS) as they may carry malware.

Additional precautions were instated, such as blocking direct network access to LCPS and incoming traffic until the situation becomes clear.

Schools are common ransomware targets

Recovering from a ransomware attack can take significant time even when caught early. Experts need to determine how far the infection spread, clean affected systems and restore them, check what data was affected and recover it, preferably from backups.

Gadsden Independent School District is still recovering from a Ryuk ransomware attack in mid-July, working on rebuilding the email system and retrieving archived emails.

Ransomware attacks were rampant this year, making victims among government, education, and healthcare entities like never before.

A report from Emsisoft released at the beginning of the month says that since the beginning of the year there were 62 ransomware incidents involving various educational organizations (school districts, colleges, universities). The potential victim count is over 1,000 educational establishments.

A similar report from cybersecurity company Armor notes that since January 2019 there were 54 ransomware attacks disclosed publicly by educational institutions. By their count, the potential number of schools affected is over 500.

The reason these numbers are worryingly high is that cybercriminals realized that hitting organizations in the public sector has a better chance of getting paid as they are insufficiently prepared for attacks and have to function to provide public services.