Huntsville City School District in Alabama has been forced to shut down for at least the remainder of the week due to a ransomware attack. The attack occurred during the day on November 30th, causing the district to dismiss students early. Due to COVID-19, Huntsville City Schools has been offering both in-school and online learning options.
“Students, families, and faculty and staff members should shut down their district-issued devices and ensure the devices remain off until further notice. Additionally, stakeholders should avoid logging on any HCS platforms at both school and home.”
Out of caution, the district has warned families not to power on any school-owned devices and has stated that families will not be asked for any student’s personal information. The district is also working with local and federal law enforcement to investigate the attack.
Huntsville City Schools has not yet released information on the specific ransomware family responsible for the incident. With much of the world still working from home, the warning to keep school-owned devices powered off raises an interesting question about how infected school or work devices may affect home networks and personal computers.
With remote working and remote learning still common due to the pandemic, all organizations should create and maintain an incident response plan that includes response and notification procedures for a ransomware incident. Software and operating systems should also be regularly patched to the latest available versions, and anti-virus solutions should be kept up to date. When an attack makes it through the outer layers of defense, it is important to have sufficient monitoring of endpoints and network devices, with a quick response from a Security Operations Center that operates 24 hours a day, every day. For more in-depth ransomware defense best practices and guidance on how to deal with a ransomware incident, see the CISA Ransomware Guide.