SOUTH LYON – School officials have confirmed that a ransomware attack prompted the shutdown of South Lyon Schools for three days this week.
Oakland County Sheriff Michael Bouchard said his department is heading the criminal investigation into the incident.
“The forensic investigation remains ongoing, but to date we can confirm this incident was the result of a ransomware infection carried out by a well-known ransomware group,” Superintendent Steve Archibald wrote in a Thursday email to families. “There is no evidence thus far to show this ransomware group specifically targeted South Lyon Community Schools.”
He did not release the name of the group.
The district has contracted with Eden Prairie, Minn.-based cyber firm Artic Wolf to investigate and remediate issues with the district’s computer network, which were discovered on Sunday, Sept. 14.
Dan Deeth, senior director of corporate communications for Arctic Wolf, declined to comment.
Ransomware is a type of malicious software – or malware – that prevents users from accessing computer files, systems, or networks and holds access subject to a ransom in exchange for releasing access, according to the Federal Bureau of Investigation.Bouchard earlier this week confirmed his department is investigating the attack, although his office was contacted “a little later than normal.”
“It is best if people come to us right away and make a police report,” Bouchard said. “We have our own forensic and computer crimes unit and we work with federal partners… Cyber crimes are intrusions and often involve blackmail or extortion and are fairly common across the globe.”
Bouchard would not comment on whether federal agencies would be used in the case.
Officials first became aware of a problem with the district’s network on Sept. 14 and sent an email to families late that evening cancelling Sept. 15 classes.
Despite the information technology department working “nearly around the clock,” school was also canceled Sept. 16 and Sept. 17, primarily due to concerns surrounding the incident “severely compromising” the ALICE (Alert, Lockdown, Inform, Counter, Evacuate) protocol, a federally endorsed program schools use to respond to critical incidents, including active shooters.
Archibald reassured families in both an email and at a Sept. 16 school board meeting that the district had no evidence that any student or faculty data had been compromised. Student and employee data is stored through a third party provider on a cloud-based network, he explained, separate from the schools’ network.
Archibald said in his email on Thursday that the primary focus of the investigation “is to determine how the incident occurred and if any data was acquired as a result.”
Contact reporter Susan Bromley at sbromley@hometownlife.com.
This article originally appeared on Hometownlife.com: Ransomware attack closed South Lyon Schools for 3 days, officials confirm
Reporting by Susan Bromley, Hometownlife.com / Hometownlife.com
USA TODAY Network via Reuters Connect
