Ransomware operators have attacked the Huntsville City Schools district in Alabama, forcing them to shut down schools for the rest of the week and possibly next week.
The Huntsville City Schools district is the sixth-largest school district in Alabama, with almost 24,000 students, 2,300 employees, and thirty-seven schools. Due to the COVID-19 pandemic, the school district offered both in-school instruction and a fully online learning experience.
On November 30th, just as students returned from Thanksgiving break, the school district performed an early dismissal of students after a cyberattack disrupted their IT systems.
To prevent the ransomware from spreading to devices loaned to students and faculties, the district asked that all district-issued devices be shut down and remain off until told otherwise.
“Students, families, and faculty and staff members should shutdown their district-issued devices and ensure the devices remain off until further notice. Additionally, stakeholders should avoid logging on any HCS platforms at both school and home,” Huntsville City Schools district stated in a message to parents.
Soon after, the Huntsville City Schools district acknowledged that it was a ransomware attack and that they were forced to shut down schools for the rest of the week, and possibly into next week, as they recover.
Families have been warned to be suspicious of any emails from the Huntsville City Schools district requesting student information as it could be phishing attacks from the ransomware threat actors.
“Families will not receive any district correspondence requesting their student’s name or personal information. HCS encourages families to be extremely cautious in sharing personal information with anyone. Avoid opening any emails and do not click on any links from unfamiliar email accounts,” the district warned
As ransomware gangs commonly steal unencrypted data before encrypting devices, some parents expressed concerns about whether student information was compromised.
“You guys need to be extremely transparent with this process and we need to know exactly what info was compromised on your servers and how it was achieved,” a parent posted to Facebook.
Source (Bleeping Computer)