Ransomware attack hits Lebanon schools

A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing, Saturday, May 13, 2017. Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users' files for ransom at a multitude of hospitals, companies and government agencies. (AP Photo/Mark Schiefelbein)

A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing, Saturday, May 13, 2017. Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users' files for ransom at a multitude of hospitals, companies and government agencies. (AP Photo/Mark Schiefelbein) Mark Schiefelbein

By NORA DOYLE-BURR

Valley News Staff Writer

Published: 06-29-2023 4:25 PM

LEBANON — The Lebanon School District was hit by a ransomware attack earlier this month, according to outgoing Superintendent Joanne Roberts.

After learning of the June 15 attack, the district engaged “outside cybersecurity experts” to help secure its systems and investigate the nature and scope of the attack, Roberts wrote in a Wednesday email. Out of caution, the district shut down systems such as payroll and PowerSchool, a database used to manage student information.

“Although the district maintains a robust data security program, which includes safeguards to mitigate the risk of cyberattacks, these attacks are becoming increasingly sophisticated and have targeted organizations across many industries, including education,” Roberts wrote.

The investigation is ongoing, but, so far, the district has not found evidence that unauthorized acquisition or misuse of personal information occurred, she said.

The district, which has about 1,600 students and 360 employees, also has informed staff, parents, as well as the district’s insurance carrier, the U.S. Department of Education and local and federal law enforcement agencies of the attack. It will continue to provide updates as the investigation progresses, she said.

Lebanon Police Lt. Richard Norris, who supervises the department’s cyber crimes unit, said the unit is working with the district and its insurance carrier to investigate the attack.

Norris said there was an initial demand letter that didn’t request any money and to his knowledge there hadn’t been a second demand letter. The department is on the lookout on the “dark web” for evidence that any data gathered from the attack is being used maliciously. If they find it, they will notify the school district, he said.

“Typically in these attacks, it’s very common that they have removed information from the system,” Norris said.

Article continues after...

Yesterday's Most Read Articles

Zantop daughter: ‘I wish James' family the best and hope that they are able to heal’
Some families find freedom with Newport microschool
Editorial: Chris Sununu’s moral vacuum
Kenyon: Hanover stalls on police records request
Out & About: Vermont Center for Ecostudies continues Backyard Tick Project
Column: Vermont needs to address its entire education system

While Norris said he wasn’t aware of other victims of ransomware attacks in Lebanon because the department only learns about them when they are reported, such attacks or attempts to access computer systems are common.

There are ways that both users and system administrators can protect themselves against such attacks. Users can prevent “bad actors” from gaining access to systems by avoiding opening attachments and links from unknown sources. Administrators can help by giving users access only to the parts of a computer network they need to access for their work. They also can implement email scanning programs to look out for common viruses and malware, Norris said.

“It’s all about mitigation,” Norris said.

If an employee happens to click on a malicious link or attachment but doesn’t have access to the network because they don’t need it, the malicious program’s ability to access the system is limited.

“I think education is key when it comes to this stuff,” Norris said.

He urged users to be skeptical about whom they are conversing with online.

“It’s sad that you have to be that way,” he said.

In the wake of the attack, the district is reviewing its processes and procedures to find ways to further bolster its data security program, Roberts said.

After nearly nine years with the district, Roberts’ last day as superintendent is Friday. The new superintendent, Amy Allen, previously an assistant superintendent in the Manchester School District, starts July 1.

Nora Doyle-Burr can be reached at ndoyleburr@vnews.com or 603-727-3213.