By Lauren Zeugner
SYRACUSE — A ransomware attack on Wawasee Community Schools late last week is now being investigated by the FBI, Department of Homeland Security and the Indiana Department of Education.
Dr. Stephen Troyer, superintendent of Wawasee Community Schools, explained during a phone interview Monday afternoon, Jan. 23, that around 6 a.m. Friday, Jan. 20, the school corporation was alerted to a possible ransomware attack which shut down all Windows-based systems. A ransom was demanded, $1.5 million if paid within five days of the attack, $2.5 million if paid after the first five days. “Essentially it’s extortion,” he said.
While all school servers connected to the internet or devices that were linked, such as computers to printers, were affected, student devices were not. The attack also did not affect any records regarding student, staff or teacher information. Troyer explained that information is stored off-site.
“One of the things we’ve been eager to hear is that we did not have any of our students, faculty or employment records compromised,” Troyer said.
Troyer explained all Wawasee students use Chromebooks and they were not affected by the attack; however, teacher laptops were. “We had school Friday,” Troyer said, “but there was no Wi-Fi at all. … It was like school back in 1985.”
A rumor students were banned from using their phones was “just that — a rumor,” according to Troyer, since there was no access to the internet at any of the schools in the corporation.
Troyer explained both school officials and law enforcement are sure the attack was not conducted by students. “A lot of these situations are not based in the U.S.,” Troyer explained.
Cyber attacks like this are considered federal crimes. Should the perpetrators be caught, they face a fine and up to a 10-year prison sentence if this is a first offense for this type of crime or a 20-year sentence if they have been convicted of at least one similar crime in the past.
Troyer said there was no warning prior to Friday’s attack. “A lot of times, ransomware will come in and sit dormant for a while before it hits,” he explained. The investigation is in the very early stages, so investigators are not sure yet if Friday’s incident was caused by dormant ransomware or if it was a flat-out attack.
The impacted server has been pulled from the system and sent to law enforcement for forensic investigation to determine how the ransomware infected the corporation’s system and who may have done it.
Troyer said Wawasee’s technology team believes the ransomware spread from one computer to a corporation server and spread from there.
“Our tech team has been incredible,” Troyer said, explaining the team was on-site all weekend, usually late into the night, rebuilding the corporation’s computer servers and restoring internet access.
The technology team has had to rebuild everything from scratch for the corporation and is trying to do that in the background as much as possible. One member was at work at 1 a.m. Monday morning making sure the link between school computers and printers was working correctly.
“The students are all on Chromebooks, so they’re having a fairly normal day,” Troyer said. “Teachers are having about a 50% access day. That is a huge improvement from Friday.” As of Monday afternoon the tech side was at about 25 % toward normal. “We’re really working hard to ensure education in the classroom is not impacted,” Troyer said.
Troyer also credited the community for its support the last few days. “Our community has rallied around the tech team as well, making sure they’ve been fed,” he explained.
As the corporation works through the criminal side of the investigation it has taken a team approach to address the situation.
Troyer said this is not the first time there has been a ransomware attack. There was one earlier prior to his tenure as superintendent.