A week after ransomware infected Flagstaff Unified School District computers, the district is continuing to investigate the cyberattack and is revisiting its policies to prevent a repeat incident.
Some of the devices that were disconnected from the district’s internet for protection Wednesday morning, like desktop computers and printers, are still being restored. Systems needed to sustain the school day were restored Sunday, FUSD spokesperson Zachery Fountain said.
Although details on the origin of the malware and number of infected devices are still unavailable, the district has contacted the Phoenix division of the FBI for help in the ongoing investigation.
FBI Phoenix spokesperson Jill McCabe confirmed the division’s Cyber Task Force is working with FUSD, but could not provide additional details on progress “due to the sensitive nature of the FBI investigation.”
At the FUSD Governing Board meeting Tuesday, Technology Director Mary Knight said the district’s infected devices were reimaged; however, older devices that were not able to be updated will need replacement. She said there were three such devices at the District Administrative Center alone.
The other FUSD Windows devices, including employee laptops, were reset to their factory settings. It remains unclear whether or not documents saved directly to these laptops (instead of to the district’s networks) will be salvageable, despite steps taken to preserve them, Superintendent Mike Penca said at the meeting.
Laptops were collected at Sinagua Middle School Friday morning, during the second day of school cancellation, and returned to staff Monday morning.
You have free articles remaining.
As the district moves forward, Penca said the goal will be to strengthen the “human firewall” with new cybersecurity trainings and initiatives, including mandatory trainings at the districtwide professional development day in November and meetings with other school districts to communicate lessons learned from the incident.
“I just challenge and encourage everybody to try to take one step forward in changing their practices,” Penca said.
FUSD’s liability coverage through the Arizona School Risk Retention Trust, which provides cybersecurity insurance, will also help supply these trainings.
Employees have been asked not to connect external devices like flash drives to their school devices. District officials are also reconsidering whether or not personal devices will be allowed to connect to the district network, though there is a need to do so for individuals like student teachers, Knight said.
As the start of the 1:1 technology initiative approaches, with distribution of iPads scheduled for January, Knight said there will be additional opportunities for cybersecurity awareness, such as digital and internet safety handbooks for students and their families.
According to the FBI’s Internet Crime Complaint Center, there were nearly 1,500 victims of ransomware reported to the center last year in the United States and 14 in Arizona.
A report by Armor Defense, Inc., a cloud security company, found there were at least 10 other school systems throughout the country that have publicly reported ransomware attacks. Schools are the second largest group to be targeted by ransomware, after municipalities.