Cyber security expert weighs in on Huntsville City Schools ransomware attack

HUNTSVILLE, Ala. (WAFF) - It’s a week off from school for students within the Huntsville City School District. Students will not be reporting to class in person or signing in virtually for the remainder of the week due to a ransomware attack on the district’s computer network.

Teachers and staff will report later this week to create offline material.

District administrators said federal investigators are looking into the scope of the attack and what kind of personal information was released.

Kate Smith spoke with Martin Federal Senior Cyber expert Dr. Wesley McGrew.

Doctor McGrew said it could take weeks and thousands of dollars in cash, not in the district’s budget, to get back up and running. He said all the district’s data could be compromised unless the backups were properly saved.

Like many who saw the news Monday, Dr. Wesley McGrew believed Huntsville City Schools were shutting down due to the coronavirus. He said he has never seen a school district shut down all operations due to a cyber security threat.

“Huntsville has, you know, some of the smartest minds in the country and for it to impact the school district in such a significant way shows you there are many, many organizations that can fall victim to this,” said cyber security expert Dr. McGrew.

Monday morning, almost 23,000 students were forced to turn off any and all school devices due to a ransomware attack on the districts network.

McGrew said a ransom attack is designed to block access to an internet system until compromising information or money is paid to the culprits.

“Try to determine what you are good for, basically. You know, they are going to present a number that is not comfortable, but doable.”

Huntsville City Schools spokesperson Craig Williams wouldn’t confirm if the attackers are looking for cash or personal information. But he did say the FBI believes the attackers are an outside entity.

“They are trying to figure out, can we restore from backup? Is this something they can reverse the encryption on their own with the help of a third-party service, or are they going to have to negotiate with the attackers to get access back to the data or lose the data?”

Huntsville City Schools utilizes security systems like firewalls and antivirus systems to prevent these kinds of attacks from happening. McGrew said all it takes is one wrong click.

“Just the time for the investigators and incident handlers to clear the system and bring them back online and investigate will be higher than the ransom.”

Doctor McGrew said he doesn’t believe there is a risk if your cell phone, or personal laptop was linked to the school’s platforms or email account.

However, you are encouraged to be extremely cautious in sharing personal information with anyone. Avoid opening any emails and do not click on any links from unfamiliar email accounts. A district spokesperson said families will not receive any district correspondence requesting their student’s name or personal information.

If anyone does contact you asking for personal information, you need to contact the police.

HCS will serve curbside meals Wednesday, Dec. 2 through Friday, Dec. 4 between 11 a.m. until 1 p.m. at all school campuses.

Copyright 2020 WAFF. All rights reserved.