The district was recently targeted in a cyberattack that compromised the district server, staff members’ computers and Amazon accounts, and phone lines. There was no known compromise of student accounts.
The district has insurance for such cybersecurity issues and is working with a third-party cyber forensics team, the Mountain View Police Department, and the Federal Bureau of Investigation to resolve the issue. According to Director of Information Services Bob Fishtrom, the district has already taken precautionary measures to prevent another attack like this one in the future.
The hackers compromised the district server’s F: Drive, which served as the district’s main file-storing system before it was replaced by Google Drive. According to Joanna Plymale, Administrative Assistant to Vice Principal Teri Faught, the F: Drive holds all staff members’ files, including curriculums, lessons, and evaluations. Although teachers were told to transfer their F: Drive information to the new and more secure Google Drive system, much of the staff still retains a lot of its essential academic information on the compromised drive, according to Plymale.
The cyber forensics team has closed off staff access and taken the F: Drive off the network in order to properly diagnose the issue. According to Fishtrom, who started in Sept. 2019, the previous Director of Information Services had a backup of the F: Drive stored on the F: Drive itself.
The unknown attacker gained access to the MVLA network at around 2 a.m., according to Principal David Grissom. The source of the attack is unknown at this time; however, Grissom said attackers may have gained access through a phishing scheme in which someone in the district mistakenly created an access point to the district network by downloading a virus, malware, or other corrupted file onto their work computer.
But the attacks don’t end there. According to Faught, 1,900 dollars was charged to her Amazon account. “I hardly ever use that credit card. I can’t figure out how they got that credit card number,” Faught said.
Unfortunately, Faught is not the only person who was targeted by this specific attack. Many other teachers have experienced these unwanted charges to their accounts, raising the recurring question of how it was all done. Faught said that she had never given her Amazon account to the school in any sense, which most likely points to the hackers taking her password and information from the data saved in her Chrome browser.
According to Fishtrom, the hackers are utilizing a popular ransomware named Sodinokibi. Ransomware is a type of malware that seizes a user’s or organization’s data and threatens to publish or permanently withhold it until a ransom is paid.
According to Grissom, the MVLA Information Technology Department is working to determine the root of the breach and devise a plan to carefully get teachers back online. In the meantime, IT sent an email to staff in the morning advising teachers to be wary of false emails and to refrain from clicking on any email attachments from unfamiliar senders or responding to messages indicating encrypted files.
“I think it’s a reminder to all of us that we have to be very careful when we open emails that we know what is being sent to us and pay attention to the attachments,” Grissom said.