NewsNorthern Arizona NewsFlagstaff News


Flagstaff schools back open after 2-day ransomware closure

KNXV Flagstaff Unified School District.jpeg
Posted at 4:29 PM, Sep 09, 2019
and last updated 2019-09-09 21:16:13-04

FLAGSTAFF, AZ — Students in the Flagstaff Unified School District returned to class Monday as officials continued to assess damage from a ransomware attack which forced the district to shut down on Thursday and Friday.

ABC15 has learned the attack may not be isolated to Flagstaff. At least one other district has been hit this year, and state officials issued a ransomware warning in July.

In Flagstaff, school officials spent the weekend "scrubbing" every computer in the district, a process which included recalling every teacher laptop to be backed up and reset to factory settings.

The biggest concern now: whether the district lost any data or records in the process. "That's still something we're trying to figure out," said Zachery Fountain, spokesman for FUSD. "It's going to be a process of standing up systems over time."

The district still hasn't pinpointed how the ransomware was able to infiltrate its servers, but the district never got a specific demand for ransom, and never paid one, Fountain said.

Instead, the district painstakingly disconnected any internet access, backed up files, and rebooted dozens of computers. "We locked things down really quickly, as part of our containment strategy," Fountain said.

It's not the first ransomware attack on a school district. In April, schools in Willcox were hit with a ransomware attack in the middle of AZMerit testing, and it took months to recover.

"It was not a good thing," said Willcox Superintendent Kevin Davis. Davis said schools did not have to close, because officials were able to find a temporary fix, but IT professionals spent months backing up and "cleaning" infected data, a process which lasted well into summer break.

It's not clear if the Willcox attack was the same ransomware which infected Flagstaff schools. In the Willcox case, hackers demanded a payment of two Bitcoin, or about $20,700, to unlock the computer system, Davis said. Willcox did not pay the ransom. Hackers often demand ransom in cryptocurrencies because it's more difficult to trace.

Davis said his office was contacted by the state auditor general, which issued a ransomware warning to government entities including schools in July. ABC15 has reached out to the auditor general's office to ask whether investigators have tracked any other ransomware attacks. We are still waiting for a response.

Flagstaff officials said the ransomware which affected their systems, was also used to attack some 20 other school systems nationwide.