How Groveport Madison is fighting a hacker breach.
A hacker group managed to break into a central Ohio school district. The group BlackSuit forced Groveport Madison to shut off its internet for the time being while the district’s IT department works to fix it.
The district first noticed something was off Tuesday morning after staff and administrators had trouble using printers and logging into computers. Around 8:40 a.m., the district decided to shut off the internet to prevent anything further from happening. It isn’t sure how long this will take, but an official said they’re taking all the necessary steps to make sure it’s safe before the internet gets turned back on.
“Anything that is a Windows device is shut down,” Groveport Madison Business Services Director Chris Reed said. “We’re using Apple devices and Chromebooks. We are using, I would say, a secondary internet that is very limited here in this building. We’re still looking at options for our school buildings as well.”
Through the recommendation of federal authorities, it will stay this way until it gets resolved. The district’s biggest concern is if any sensitive data was breached.
“As far as we can tell, at this point, no student or staff personal data has been breached,” Reed said.
Reed says the IT department does a good job of backing up data regularly. However, Reed said it is too early to tell how BlackSuit was able to hack their servers.
According to Denise Bergstrom, a cybersecurity expert with Franklin University, BlackSuit is unique in that it does two things.
“It encrypts the system so that you can’t access your own records and content that’s right in front of you, but it also sends a copy of sensitive information offline,” Bergstrom said.
BlackSuit is known to target multiple operating systems, Bergstrom said. When it comes to Groveport Madison, she said it seems the district caught the breach early enough, which means security measures are working.
“BlackSuit is very unique in the fact that it appends its name to the different files and content and directories as it started to load them,” Bergstrom said. “One of the things that they can do is be vigilant for that.”Â
Reed said some staff did notice the name on their desktops, which is what prompted the district to turn off the internet.
“One of the things that is really important in a case like this is to make sure that your backups are also secure and that they’re scrubbed, that there is no ransomware on your backup because the second you reload and reinstall, you’ve just reinstalled that malware,” Bergstrom said.
As always, don’t click on links that you are unsure of, Bergstrom said.
According to the district, even though the internet is down, all telephones are still working and school will continue as normal. The district wants to be clear that it will continue to update parents and families about what’s going on.
“We’re going to make sure we over-communicate everything,” Reed said. “Again, we like to be as transparent as possible. In a case like this, being 100% transparent is paramount.”