FLAGSTAFF, AZ — Flagstaff Unified School District officials worked over the weekend to try to resolve a cyber security issue that forced all schools to close Thursday and Friday.
Officials said Saturday on the district's website and on Facebook that they expected to announce Sunday whether schools will reopen Monday.
Officials said they were working to secure critical internet-based systems while investigating the origin and possible damage resulting from the ransomware in the district's computer system. It was discovered Wednesday.
Officials cut off access to the internet and the Arizona Daily Sun reported that hundreds of teachers and other district employees on Friday turned in their Windows devices at a middle school so they could be scanned for contamination and have new malware protection installed.
In a process resembling student registration check-ins, employees filled out papers listing their names, ID numbers and contact information before proceeding to tables where devices were catalogued before being taken away for restoration.
If all goes well, the devices will be dropped off at their users' schools Monday morning.
"If we don't do this, we're at risk of re-infestation because there could be a contaminated machine that, when they turn the system back on, could cause us to lose all the work that we've done in the last couple of days," Superintendent Mike Penca said.
Staffers had used the middle school's library computers -- already cleaned and protected -- to learn how to install the necessary software protections on more than 2,000 district devices.
IT personnel from Computer Community College and other organizations were helping the school district's own staff.
"We're a small community and they are very close to us so we want to help them out. They'd do the same for us," said Brian Wilson, the college's director of IT services.
The ransomware -- a form of malware that typically requests payment in exchange for access to locked computers -- was spotted when a message popped up.
District Technology Director Mary Knight said the message did not include a specific dollar amount but had untraceable contact information to encourage negotiation.
The district wouldn't consider doing that, she said.
Penca said the district's response includes checking systems that control school doors, the bell system, transportation and food services and even air quality controls.
"We know how disruptive this is to our families. Canceling school is one of the most difficult decisions I make as a superintendent and it's not one I take lightly," Penca said. "We just need to know, when we have kids back, that our school environment is safe and that we can operate as normal."
The district's governing board on May 28 approved a $1.18 million purchase of a five-year contract for security software to help stop such cyber attacks.
Penca said the software being installed over the weekend was part of the overall cyber security plan already being implemented.
"This just speeds up the timeline," he said.