Livingston Public Schools Hacked With Ransomware, Classes Delayed – CBS New York
LIVINGSTON, N.J. (CBSNewYork) — A New Jersey public school district is working to restore its computer system following a cyber attack on Monday. Administrators said hackers took over the network, and experts said this is a growing problem.
Students at Livingston High School arrived to class two hours later than usual to begin the new week. The delayed start was necessary as administrators and staff discussed how to get a handle on a cyber attack affecting the district’s entire computer system, CBS2’s Reena Roy reported.
“I was shocked. I didn’t realize something like this could really happen,” parent Kim Green said.
Officials said hackers broke into the network on Thursday, infecting it with ransomware and taking data hostage from all nine schools in the district, affecting 6,000 students.
“None of us really know what’s going on,” high school junior Diego Bolanos said.
The data is not stolen or lost, just locked and inaccessible. School authorities reported the crime to local police and have tasked tech professionals with fixing the issue.
“They wanted to report to us that they’d been attacked through a cyber crime,” Livingston Police Chief Gary Marshuetz said. “We immediately contacted the Essex County Prosecutors Office, FBI and New Jersey State Police Cyber Crimes Unit.”
“It’s a step-by-step process,” Livingston Schools Superintendent Dr. Matt Block said. “We’re moving kids forward with what they need to be doing in terms of learning and education.”
By late Monday morning, email and internet were usable, but the full phone system and some other technology remained down, Roy reported.
“It’s a little strange. It kind of has the entire school on standstill,” high school student Simon Perlmutter said. “Just because everything is digital nowadays, so it’s a little hard.”
Block refused to say how much the hackers are demanding and if the school is going to pay.
The school administration says they won’t know what data if any is compromised until they conduct a forensic analysis of their servers, which they plan to do over the next few weeks.
The FBI calls ransomware the fastest growing malware threat in America.
Cyber security expert Paul Oster agrees.
“If you don’t pay, there is not a software engineer on the planet that could get your data back,” Oster told CBS2’s Scott Rapoport. “You would hope that this is a wake-up call for all the other schools.”
Back in September, an emergency alarm sounded at a school in Orange County, N.Y., allowing staff to shut down the system before hackers could seize it.
And over the summer, Rockville Centre schools in Nassau County paid a hacker $100,000 in bitcoin to get its data back.
Oster believes most schools don’t do enough to keep sensitive information secured.
“They have not only staff’s entire files, but the students’ files. A lot of them are left out. They are not locked,” Oster said.
He recommends school districts and companies back up data on a daily basis to a remote server, so if it happens to become the next victim of ransomware it wouldn’t have to pay hackers to unlock the information.
Leonie Haimson, with the Parent Coalition for Student Privacy, says children’s data is some of the most valuable data to deal because they don’t have any credit ratings.
“There’s a legal obligation that you should be able to know what data is being collected by your school or district,” Haimson said. “Every parent should be asking their school these questions.”
Meanwhile, the Livingston superintendent is hopeful things will feel back to normal for students by December break. The school district says it does have insurance for cyber attacks, which should be pay for at least some of the recovery expenses.