Copyright © 2022 Albuquerque Journal
The cyberattack that forced a two-day cancellation of classes last week at Albuquerque Public Schools was in fact a ransomware event in which there was some type of extortion demand. But APS officials are not saying what was demanded.
During a virtual news conference late Tuesday, APS Superintendent Scott Elder confirmed the ransomware attack but said the district has been advised by the FBI and cyber security experts not to provide specific details while the investigation continues, including the possible source of the attack.
He did say that “it is not uncommon for these attacks to originate outside the United States.”
The attack on the Student Information System was discovered by teachers and administrators on Jan. 12, forcing the cancellation of classes the following two days. This past Monday was the national holiday honoring Martin Luther King Jr., so there were no classes scheduled.
“I’m proud to say that students and staff did return to classrooms (Tuesday) after we found a workaround that allowed us to take attendance, contact families in the event of an emergency and ensure students leave campuses with authorized adults,” which is the main function of the SIS system, Elder said. “Even better news, as of 4:30 (p.m. Tuesday), our team was able to restore our primary Student Information System, so beginning tomorrow we won’t even have to use the workarounds.”
Elder said that no other computer systems within APS were affected, and he emphasized that “at this time, there is no evidence that information about staff, students and families was compromised.”
Asked what the district was doing to prevent future cyberattacks, Elder said he couldn’t provide details, however, he did note that the district’s Information Technology Department requested an emergency procurement of up to $300,000 to restore the SIS system and get assistance.
“We do have state agencies that are assisting, but some of this work is incredibly complex and very specific, and there was a sense of time pressure because we really wanted to get the kids back in school,” he said. “The private security firms provide a level of expertise that really makes a difference in this type of work.”
One thing that this cyberattack makes abundantly clear is that “someone intentionally, aggressively and very publicly tried to harm our school community,” Elder said. “We have to assume that that entity is still watching our every move, and as good stewards of your taxpayer dollars we can’t divulge information that escalates or prolongs our current circumstances or the investigation.”
And that is a large part of the problem, he said. Targeted school districts are advised not to talk about the attacks or share information because “they might share vulnerabilities or get information out that doesn’t help.” Consequently, school districts can’t learn from one another, he said.
Because this is an issue that impacts large and small school districts nationwide, Elder suggested that some sort of state and federal task force be convened “to look at how they’re funding and providing resources for IT teams, so that we are better informed and have the resources at our fingertips that we need to protect that information.”
To rely solely on school districts to resolve this problem, Elder said, “I think that’s going to be tough.”