Ransomware Postpones First Day of School for Hartford Students

As educators, parents and students braced for the start of the academic calendar, the focus on the uncertainties of returning to school during COVID-19 gave way to a different type of threat when a ransomware attack forced a Hartford, Connecticut school district to cancel the first day of classes. 

The ransomware attacked more than two-thirds of the school districts servers, impacting essential systems which made on-site student learning and district-provided busing impossible. Citing these two challenges, Hartford officials had no choice but to send out notices that the first day of school was being postponed for the nearly 18,000 students and 1,600 teachers. 

After further investigation, the city confirmed that the ransomware virus had entered their systems a few days prior to being discovered and investigators were confident that no personal, private or financial information was accessed or stolen in the attack. Upon learning about the attack, the city was quick to act, and administrators spent the weekend restoring and rebooting their systems, as well as inspecting all district hardware to confirm devices were safe for in-person and remote instruction.

The attack also impacted Hartford’s first responders, but the harm was described as more of an inconvenience to their back-end services and did not impact any operational capabilities that would prevent or delay emergency service response time. Hartford Mayor Luke Bronin stated the ransomware attack was the "most extensive and significant attack in the last five years in the city". As of this article no details have been released on the amount of ransom requested or if the attack was even targeting to delay the first day of school. The FBI and Hartford Police Department are still investigating the attack and classes resumed without incident the following day.

While the postponement was met with understandable frustration and disappointment from faculty, students and parents, the reality of the situation is that the damage could have been much worse if the city of Hartford did not take cybersecurity seriously. Bronin had seen the impact of ransomware attacks on other Connecticut communities in the past and worked with city officials over the prior year to invest approximately $500,000 in cybersecurity improvements, which he directly attributes to the successful response to the attack and for preventing any significant damages.

This is the second confirmed ransomware attack on a school district this fall, with the other being a 16 year-old student at South Miami Senior High School reportedly responsible for 12 cyberattacks on the Miami-Dade County Public School system in Florida.

With the focus on how students are returning to class, and an increase in virtual learning in the current pandemic world, this story is another reminder that organizations need to keep their guard up against cyber threats. We know firsthand that incidents like this can strike at any moment, and the importance of assessing security posture, investing in cybersecurity and planning for incidents can be the difference between missing one day of school or shutting down an entire municipality.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected]. 

In addition, our Incident Response Team is available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident.