It is not a matter of “IF” your school district is going to get hacked; it is a matter of “When”!

At Window Rock Unified School District (WRUSD), we thought we were safe. We thought we were secure. We thought we were remote enough/small enough no one would be interested in us. We were wrong.

The first piece of advice for the readers scanning this blog is to IMMEDIATELY stop reading it and buy Cyber Security Insurance for your school district.

The Story

WRUSD had just purchased Cyber Insurance the third week of July, 2022. The first week of August… Cyber Internet Pirates sent a Trojan Horse email to several school administrators. The email was disguised well, as a financial Excel spreadsheet from the Arizona Department of Education. One department head opened the email and its related attachment, then forwarded the “financial information” on to the Business Office. The financial employees in the Business Office consequently opened the email because they believed the information came from a trusted source: a WRUSD department head/administrator. Ultimately, employees of the WRUSD opened a Trojan Horse email and its related attachment nine different times in the span of eight minutes. The ransomware damages unleashed in the servers of the WRUSD sent the school district back to the 1970s and crashed our entire financial system.

The virus methodically and systematically attacked our financial data. It first tried to wire transfer funds to overseas accounts. Luckily our financial data was encrypted; the attempt failed. The Cyber Internet Pirates then set up a firewall around our financial data, holding it hostage, and communicated to WRUSD that large sums of money would make them “feel better” and upon receipt of funds they would be glad to release the data. After numerous calls with the Department of Homeland Security and the Federal Bureau of Investigation, WRUSD decided to heed the advice of the federal agencies and NOT pay the ransom. With no remediation options available, and out of fear that the Internet Pirates would ultimately crack the encrypted financial data being held hostage, WRUSD worked with the insurance company to seal all data and encapsulated their firewall with one of our own, ensuring that the financial data would be sealed forever. In essence, WRUSD eradicated itself financially from the face of the earth as if the school district never existed. We were dead in the water. We could not receive funds, we could not disburse funds. Panic hit as payroll deadlines were rapidly approaching.

Working with our insurance provider WRUSD began the slow and painful process of rebuilding the financial server from scratch.

What did this mean:

  1. Payroll was two weeks late for all employees – much anger from employee groups as personal overdraft fees began to rapidly increase.
  2. All vendor payments were late as we could not disburse funds.
  3. WRUSD had to figure out how to live off of carryover since electronic deposits from both the state and the feds were not available.

WRUSD – Where are we now – three months into the financial rebuild:

  1. Old school payroll paper paychecks have been established for all employees.
  2. Late fees have been resolved with vendors/creditors.
  3. Old school paper checks are able to be issued to major vendors – minor vendors have been ignored for the short run.
  4. Payroll server should be up and running by Halloween.
  5. Financial server should be up and running by Thanksgiving/Christmas.
  6. Federal Grants Management server/program should be up and running by Thanksgiving.
  7. All holiday time for financial department employees will be spent inputting data from this school year’s transactions into the new server.
  8. WRUSD has notified the State Auditor General that five years of previous financial data is lost forever. Consequently, WRUSD will be in violation of state financial laws per the State Auditor General.
  9. WRUSD has partially recovered employee payroll deduction data from last fiscal year from an old reporting file sent to county officials, and we are optimistic that we can get W-2 information out to our employees by the January deadline.

The financial recovery of the WRUSD is slow and painful, but it would not have happened if we had not purchased Cyber Insurance.

Education and policy leaders also need to immediately invest in securing our school networks, including modernizing essential technology funding such as E-Rate to make this happen for all school systems.

 

Dr. Shannon Goodsell, Superintendent
Window Rock Unified School District (AZ)

Published on: Oct 13th, 2022

CoSN is vendor neutral and does not endorse products or services. Any mention of a specific solution is for contextual purposes.