CHAMBERSBURG, Pa. — Update, Sept. 11: Chambersburg Area School District announced in a social media post that students are instructed to bring in their district-issued Chromebook or iPad back to school starting tomorrow, Sept. 12.
For security reasons, the district has reset all passwords, and teachers will begin the process of helping students log in with their new credentials.
The district assured parents that the recovery and restoration of their technology resources are continuing to move forward after the ransomware attack in the post.
Update, Aug. 31: Chambersburg Area School District announced Thursday afternoon that all schools will be open on a regular schedule for Friday, Sept. 1.
For Thursday's two-hour delay schedule, students were instructed to leave their Chromebook and iPad devices at home for the remainder of the week and visitors and volunteers will be prohibited from entering buildings.
Technical limitations are still to be expected, according to the district, and students will not be able to access the internet.
The district confirmed Thursday, Aug. 31 that the technological disruption is related to a "ransomware event."
"We will continue to investigate to determine the full nature and scope of this event working alongside our subject matter specialists as well as law enforcement," CASD staff members posted on the district's website.
Previous: For the third day in a row, the Chambersburg Area School District canceled all classes due to “temporary network disruptions.”
The school closures come less than one week into the new school year. In a statement online, the district said it was “working diligently with third-party forensic specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality to our systems as soon as possible.”
Cyber security expert Angel Kern, who is not working with the district’s forensics specialists, said the likeliest cause of the service interruption was a ransomware attack.
“Ransomware is particularly nasty. If you lose access to your systems, you cannot teach. You cannot access your systems to teach. So it’s not surprising,” said Kern, who teaches cybersecurity at Penn State and at Technical College of the Lowcountry in South Carolina.
As of Wednesday morning, the school district could not confirm its servers were hacked.
However, at least 120 school districts have been victims of a ransomware attack so far this year, according to cybersecurity firm Recorded Future. Many schools store sensitive data, such as student social security numbers and medical records in their systems.
“It’s really difficult to protect against ransomware. All it takes is one employee clicking a link in an email, especially if it’s an administrative level employee, you lose control of all your systems and you either pay the bitcoin and you recover from backups,” Kern said. “If a hacker has control of those servers, of course, they have access to that data.”
Concerned parents called for answers from the school district at a school board meeting on Tuesday evening.
“I'm just wondering why we're not saying what is actually going on,” one parent said during the meeting’s public comment period. “Because I have friends that work in the school district and they said that the systems got hacked.”
The school district’s official policy in the event of a breach of computerized personal information states that the district must notify students and parents affected by the breach without “reasonable delay.”
Though sensitive information could have been compromised by a ransomware attack, cybersecurity experts said parents should not panic.
“Look at all the hacks and ransomware attacks. Your data is probably already out there,” Kern said.
With that in mind, Kern advised those affected—and everyone else—to check their bank and credit card accounts regularly, as well as freeze their credit with all three credit reporting agencies.