Hartford, Conn. city officials were forced to postpone the first day of school set for Tuesday, Sept. 8, after a ransomware virus caused an outage of critical systems. As reported by local news, the City's critical systems were damaged over the weekend and restoration of the systems is still not complete. Hartford Public Schools has approximately 300 servers and more than 200 were attacked in the ransomware virus attack.
Hartford Mayor Luke Bronin stated that the cyber attacker gained access to the systems on Thursday and then on Saturday, the virus actually attacked the systems and the IT team worked through the weekend to access and restore the affected systems. Now the IT team is going system by system and server by server to restore the systems, Bronin added.
This ransomware attack was the most extensive and significant attack in the last five years in the city, according to the mayor.
Hartford Public Schools Superintendent Dr. Leslie Torres-Rodriguez stated the city was able to restore the student information systems around midnight. “It houses all of our student addresses, our grades, our attendance. It’s all housed there. It’s all been fully restored,” she said.
While the ransomware attack didn't impact student learning platforms, a different system that's important for some students attending in-person learning on the first day of school could not be restored. This is a system that communicated transportation routes to the bus company and is what is preventing the school for operating.
This attack is the latest in a slew of education-based breaches. In its latest State of Email Security Report, Mimecast examined the effects of ransomware and email attacks on the education sector. According to the report, 32% of schools in the public sector said that ransomware impacted their operations in the last 12 months; on average, they experience 2-3 days of downtime as a result of a ransomware attack. In addition, the Mimecast report also found that 57% of respondents have seen an increase in phishing and 52% have been hit by an attack where malicious activity is spread from an infected user to other employees.