Dive Brief:
- While trying to retrieve stolen data from its network, the Little Rock School District’s board voted 6-3 on Dec. 5 to approve a $250,000 settlement that would end a recent ransomware incident. An LRSD school board member accidentally shared the dollar amount of the settlement during the public board meeting.
- The 21,200-student district in Arkansas has released very few details about the cyberattack since the Dec. 5 meeting. However, a final agreement has been reached, according to a Dec. 15 letter to the school community from LRSD Board President Greg Adams.
- Once there is a final confirmation that the district has retrieved its stolen information, Adams wrote the district will contact every person whose data may have been compromised, and those potentially affected by the incident will also receive credit monitoring and identity services. The same services will be provided to all district staff “as a precautionary measure.”
Dive Insight:
The FBI, the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing Analysis Center highly discourage paying a ransom in the midst of a cyberattack because victims’ files are not guaranteed to be recovered.
School districts, which often lack resources to combat cyberthreats, are a major target for malicious cyberattacks — particularly ransomware attacks, according to the Multi-State Information Sharing and Analysis Center.
“Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities,” the federal agencies said in a September alert. That joint statement was issued following the major ransomware attack against the Los Angeles Unified School District.
In addition to trying to get a handle on the cyberattack, LRSD’s school board met in a private meeting on Nov. 21 over the data emergency, security plans and the security of the district’s IT systems, Adams wrote. The district was told by its advisors “to minimize the public messaging” about the cyberattack, because “it could cause drastic and harmful actions by the Threat Actors,” he said.
“This is a horrible, horrible, horrible situation, and there aren’t any good options,” said LRSD Superintendent Jermall Wright during the Dec. 5 board meeting. “There is much more information that the general public just is not privy to that we just can’t disclose just because of the ongoing investigation and the ongoing negotiations, and it makes it look like we are intentionally… being negligent, and that is simply not the case.”
Wright said he realized this situation does not help the community’s already frayed trust in the district.
“We are not the enemy. The enemy is the folks who attacked our system,” he said.
To mitigate a ransomware attack, federal agencies recommend focusing on and fixing known exploited vulnerabilities in a network, training users to understand and report phishing attempts, and implementing multifactor authentication.
To help maintain community trust, experts also recommend districts immediately communicate when a cyberattack occurs. Leaders should also share how the district is responding, who is affected by the incident, how the district will notify those impacted as more information comes out, and what cyberattack victims can do at that moment.