SoylentNews is people
SoylentNews
Submitted via IRC for AzumaHazuki
Back to school: With latest attack, ransomware cancels classes in Flagstaff
As students returned to school across the country over the past two weeks, school districts are facing an unprecedented wave of ransomware attacks. In the past month, dozens of districts nationwide have been affected by ransomware attacks, in some cases taking entire school systems' networks down in the process.
All classes were cancelled September 5 at Flagstaff Unified School District schools in Arizona after the discovery of a ransomware attack against the district's servers on Wednesday, September 4. All Internet services were taken down by the school district's information technology team at about 3pm local time on Wednesday, when the ransomware was discovered during what district officials said was routine maintenance.
"We have had to break the connection from the Internet to our school sites while we work with Internet security experts to contain and mitigate the issue," FUSD spokesman Zachery Fountain said in a statement to press. No further details on the ransomware were released, and district officials are not sure whether any personal identifying information has been exposed.
More than 70 state and local government agencies have been hit with ransomware so far this year. This steady drumbeat of ransomware attacks against state and local government agencies, including school districts, has not gone unnoticed by citizens. People are increasingly concerned about the damage being done by ransomware. In a recent survey of 2,200 citizens conducted by Morning Consult on behalf of IBM Security, 75% of those surveyed across the United States acknowledged that they are worried about ransomware attacks on cities. And 60% said that cities should not pay the ransom for attacks when they fall victim; instead, they'd prefer focusing such spending on recovery costs.
(Score: 2, Insightful) by Anonymous Coward on Friday September 06 2019, @10:44AM (5 children)
...I would love someone to report what operating system was powering the servers that were compromised. Seems relevant.
(Score: 0) by Anonymous Coward on Friday September 06 2019, @11:36AM (3 children)
Hmmm, I wonder what operating system, and only what operating system, was affected? Routine maintenance? Software as a dis-service?
(Score: 1, Insightful) by Anonymous Coward on Friday September 06 2019, @12:57PM (2 children)
Linux isn't a magic bullet here. Weak passwords, unchanged defaults, idiotic sysadmin moves like not keeping up on patching, or surfing the Internet on a server, can all play a role in this.
Of course, backups are never done in these scenarios. And that shows the problem is low-skilled or overworked sysadmins. Which may make your argument -- It's a lot cheaper to get a Windows Admin than a Linux Admin.
(Score: 2, Insightful) by fustakrakich on Friday September 06 2019, @01:47PM
It's a lot cheaper to get a Windows Admin than a Linux Admin.
Your average first grade classroom is full of them. What could be a better education than having to clean up the mess the adults make?
La politica e i criminali sono la stessa cosa..
(Score: 0) by Anonymous Coward on Saturday September 07 2019, @06:36PM
Whether it's possible to get a Gnu/Linux system compromised is irrelevant and you know it.
The stupid whores are running Windows. They should be brought up on charges for embezzlement of tax dollars. They take money that was allocated for education of innocent children, lease slaveware with it to teach kids to be mindless consumers of software that is their enemy in every way, and then get the "school's" IT infrastructure compromised and "school" shut down. It's beyond negligence. It's theft and sedition.
(Score: 2) by stormreaver on Friday September 06 2019, @06:13PM
Also seems obvious. :)
(Score: 2) by VLM on Friday September 06 2019, @11:53AM (3 children)
My kids school outsources practically everything to Google, such that there isn't much locally other than HVAC/SCADA and physical security type stuff locally.
So its interesting to theorize if they do it similar the infection is maybe in the HVAC system controller so no AC and no lights, or it might imply they do all their digital stuff like attendance and similar stuff locally on Windows Servers that get powned easily, which is also interesting.
Most likely if they "had to" cancel the elementary schools, its something major internal to operations like the HVAC system is down or the door lock security system and cameras are down. Obviously you can run grade 2 without digital support, even if, maybe you can't run a HS pre-calculus class without the big screen projector for notes.
The big brother monitoring stuff they didn't even have when I was a kid is now a critical part of operations much like having a working water main or sewers has been. No digital attendance monitoring or no cameras means too much legal risk to open the school, now a days.
(Score: 2) by Nuke on Friday September 06 2019, @12:52PM (2 children)
There is no way that non-working water or sewers would have stopped my school from holding classes. Air conditioning - kidding aren't you? Not only did our school not have it, but our maths teacher, an ex-army major, ordered all windows to be opened wide even when there was snow outside; he boasted it was why he had never had a cold in his life.
(Score: 0) by Anonymous Coward on Friday September 06 2019, @01:01PM
Did you also have to walk uphill both ways, grandpa?
(Score: 3, Insightful) by gozar on Friday September 06 2019, @02:00PM
No water means no one can drink all day and no toilet services. The problem with no air conditioning is not that the students can't handle life without air conditioning, it's because the new climate controlled buildings can't cool down without air conditioning. In the 70s and 80s you can open the windows. The new buildings have smaller windows, and are designed only for emergency egress, not to open to cool.
(Score: 4, Touché) by Phoenix666 on Friday September 06 2019, @02:11PM
So glad the federal agencies that suck up hundreds of billions of our tax dollars are out there preventing this sort of thing.
Washington DC delenda est.
(Score: 2) by Runaway1956 on Friday September 06 2019, @02:51PM (3 children)
Any "administrator" who can't plan around internet down time needs to be sent back to school himself.
No, no, that's wrong. The jackass needs to be fired, and sent to work digging ditches. He lacks all of the most basic education that we were hoping he would pass on to our kids. As soon as he has been fired, you start scrutinizing everyone else in the chain of command, both uphill, and downhill.
(Score: 0) by Anonymous Coward on Friday September 06 2019, @07:58PM
But it is ever so much easier and efficient to simply ignore contingency plans and budget for appropriate backups!
"Efficient" in this sense meaning that if you have 500 school districts and only 1 of them gets a virus or suffers a catastrophic event with loss of irreplaceable data, then it is a less than 1 in 500 chance that the Superintendant and Board of that district will be called to account for such a lack. ("Less than" because there is a strong possibility that the Superintendant and Board will be held liable by that Board and or the voters. Instead they'll roast the CIO. Maybe.)
(Score: 2) by Common Joe on Saturday September 07 2019, @10:22AM (1 child)
Don't blame the administrator. It's a bit hard in this day and age when everything business-based is now in the cloud -- word processing, calendars, chat programs, schedules for nose-picking lessons, etc. And bosses and colleagues demand databases and servers should be in the cloud despite warnings from the administrator. And all applications being developed and used must be web-based. And password requirements be damned. It's obvious we don't need passwords to be longer than three characters despite repeated warnings from the administrator. But by this point, the administrator is obviously over-reacting and should be completely ignored.
Ahem. Not that I'm speaking from any kind of personal experience. *Cough*
(Score: 2) by Runaway1956 on Saturday September 07 2019, @01:32PM
Got ya - I'm empathizing. But, my "administrator" is the school administrator, not the network administrator. Any sys-admin worth talking to knows better. Any sys-admin who doesn't know better isn't worth the pink slip used to fire his ass.