Dear Parents, Guardians, and Staff:
At approximately 9:22 a.m. on Monday, September 29, our IT Help Desk received three requests for assistance within minutes of one another. These requests were from students who reported that their homework folders on one of our file servers had been encrypted and locked.
The students reported receiving notification upon attempting to gain access to their files that those files had been encrypted and would only be unlocked if they sent $500 (ransom) to a Bitcoin account. At that point it was clear that a code, known as ransomware, had reached a district computer and began affecting files on at least one of our file servers.
The district has been told that ransomware encrypts files on a computer or on file servers and literally holds them for ransom. When the individual whose files have been locked pays the ransom (in this case, to a Bitcoin account), that person is then sent a code and the file is unlocked.
On Monday morning as the incident was unfolding, we immediately contacted an outside service provider, Global Data Consultants (GDC), who conducted a forensic analysis/security review. This process began on Tuesday morning. Their scans were completed by 3:00 p.m. on Tuesday, September 30, and confirmed that our systems were safe. They also confirmed that our anti-virus software is working well. No remnants of the ransomware were found.
The file that was put on our system through a district laptop is known in the media as CryptoWall ransomware. Here is a link to an article about ransomware in case you are interested in learning more. http://www.pcworld.com/article/2688992/malvertising-campaign-delivers-digitally-signed-cryptowall-ransomware.html. We were able to immediately track the inception of this file to a specific district computer. That computer is being turned over to the FBI for further investigation.
Our consultant has advised us that the people who use ransomware to encrypt and lock files cannot read those files. Therefore, we have been advised that there is little risk of identity theft in a case of this nature. While more than 3500 student homework folders were encrypted, we have no present evidence of any intrusion into student personal data or any other sensitive information.
The employees of our Information Technology (IT) Department deserve the highest accolades for the quickness of their response and their expertise in immediately quantifying this issue and quarantining the file servers. The crucial steps they took prevented a much larger and more widespread issue.
By Monday evening, all files on our servers had been checked and restored to a point on the day preceding the incident. Therefore, no files were lost and all have been restored to students or affected staff.
The independent analysts, who confirmed our belief that our systems were safe, will be working with us to conduct further tests on our system to ensure that every possible safety precaution is in place to protect student data and student and staff files. It bears repeating that we have no evidence that either our student or financial information systems have been placed at risk. I would advise you to read the article and to understand how a single click on a trusted webpage on any type of advertising could put your own files at risk.
IMPORTANT ANNOUNCEMENT REGARDING LANDIS FIELD
Central Dauphin School District
600 Rutherford Road
Harrisburg, PA 17109
Hours: 8:00 am to 4:00 pm
Central Dauphin, a uniquely diverse school district, ensures all students a challenging and dynamic curriculum that prepares them to succeed in a changing, global society by inspiring lifelong learning in a caring, collaborative community.
October 8, 2014