Minneapolis Public Schools students and staff returned to school buildings this week only to find that ongoing issues from a cyberattack on the district were continuing to cause disruption.
The district said the system for recording attendance and grades was up and running Tuesday, but Greta Callahan, teacher chapter president of the Minneapolis Federation of Teachers, said some teachers were still having trouble logging in to the programs. After-school activities were canceled Monday because of the ongoing issues.
District officials have sent families a few email updates about the "technical difficulties" from an "encryption event" but have yet to explain what caused it. The problems so far have left some of the district's systems down for about a week.
While the description of "encryption event" is vague, it could mean a ransomware attack, said Matthew Wolfe, director of cybersecurity operations at Impero Software, a company whose products include education software.
Such attacks on school districts have been on the rise in recent years and the rapid shift to distance learning at the start of the pandemic likely made districts easier targets, Wolfe said.
"With more devices, there are more areas to be impacted," he said, adding that amid the push to make e-learning accessible for all students at home, "protection often got put on the back burner."
Several such attacks have made headlines in recent months: Schools in Des Moines were forced to cancel classes in January after a cyberattack. And the country's second-largest school district — Los Angeles Unified — fell victim to a ransomware attack claimed by the hacking group known as Vice Society. After that incident, about 2,000 student psychological examinations were uploaded to the dark web.
The Minneapolis district had not provided any new information about the cause of the incident by the end of the school day Tuesday. The school board was set to hear a security briefing related to IT issues at a closed meeting Tuesday night.
According to a Friday update, the Minneapolis district's investigation has found no evidence of compromised personal information. Still, staff were asked to reset passwords and help guide students through that process.
Many teachers reported issues with trying to reset student passwords on Monday, Callahan said. And since printers were also down, teachers had to get creative to find lessons and activities for students.
"[District officials] should be more transparent," Callahan said. "I feel like this was just all about hoping everything would work by Monday."
In updates to parents, district officials have repeatedly said that district IT staff and external IT specialists have been working "around the clock" to investigate the source of this attack and to understand its impact on the computer systems.
Wolfe said school IT professionals are "overwhelmed on a daily basis" and work all hours of the day and night when a cyberattack happens.
"It's a really hard and trying time for a district," he said.
Wolfe said Minneapolis schools may have been targeted because of recent events suggesting its vulnerability — including a 2020 incident that nearly cost the district $500,000. The cyberfraud occurred when a payment meant for a legitimate contractor was made to a fraudulent account.
The district said in a statement that the money was safely returned to Minneapolis Public Schools and additional protocols were put in place.
Fox 9 first reported on that incident in early February. Wolfe said that a hacker conducting research on a potential target looks for vulnerabilities.
"They've had situation after situation in the news," Wolfe said, referencing Minneapolis staffing shortages, the district's financial outlook and the lack of a permanent superintendent. Even the fact that the district is soon launching a new website could pique a hacker's interest, Wolfe said.
"All of those digital footprints suggest this is an easy target," Wolfe said.