Springfield Public Schools is one of the largest school districts in Massachusetts. Within the district, there are more than 60 schools, over 25,000 students and 4,500 staff members. Due to COVID-19, the district was planning to remain in a fully remote learning model through the end of October. Yesterday, the district announced that remote learning was cancelled for the remainder of the day due to “issues with our network.” After the announcement, families were notified that the district was the victim of a cyberattack and that school devices should be shut down. Although a source told Bleeping Computer that the incident was due to a ransomware attack, a public announcement by Mayor Domenic J. Sarno and Superintendent Daniel Warwick stated that “It is anticipated that the risk will be cleared and resolved in the near future so that remote learning may continue.”
It is not yet clear how the incident with Springfield Public Schools took place. Phishing is one of the most common tactics for any type of intrusion, and the threat should be taken just as seriously in a school environment as it is in businesses. Schools should consider investing in security awareness training (specifically geared towards phishing) for their staff and restricting student email accounts from sending email to, or receiving email from, addresses outside of district-owned or approved domains. To protect the district from data loss, follow the 3-2-1 backup rule: keep at least three copies of your data, store the copies on at least two different forms of storage media, and keep one copy offsite. Should ransomware ever encrypt one form of backup connected to the victim machine, recovery should be possible with another safe copy.