At our inception 20 years ago, we chose to be different. Unlike other news organizations, we made the decision to provide in-depth, regional reporting free to anyone who wanted access to it. We don’t plan to change that model. Support from our readers will help us maintain and strengthen the editorial independence that is crucial to our mission to help make Western North Carolina a better place to call home. If you are able, please support The Smoky Mountain News.

The Smoky Mountain News is a wholly private corporation. Reader contributions support the journalistic mission of SMN to remain independent. Your support of SMN does not constitute a charitable donation. If you have a question about contributing to SMN, please contact us.

Haywood schools close due to ransomware attack

By Boyd Allsbrook • Contributing writer | Internet technology has become the backbone of schools in the time of COVID-19. E-learning has allowed students to carry on their studies while safely at home on a historic scale. However, this reliance on technology has its pitfalls; school systems are now more vulnerable than ever to cyber attacks. 

Early Monday morning, the Haywood County Schools IT department noticed corrupted files and a ransomware message. 

“When that happens, you just go through standard protocols and shut everything down,” said Superintendent Bill Nolte. This necessary step added to the brewing confusion by severely limiting the school system’s ability to communicate with students and parents. “We’re fairly well known as a school system that posts a lot of information and puts out a lot of press releases. But when we shut everything down, we shut down our servers, our landline phones, and our internet.’

Ransomware is a type of virus that shuts you out of your own files and then asks for payment for their return. It’s most often downloaded through unsolicited spam emails, though corrupt ads online can also install the software behind the scenes. 

“They sent us a nice message,” said Nolte. “We did not read it. But it was clear that it was a ransomware message. We won’t read it until it’s safe to do so.”

Remote learning was canceled for Monday and Tuesday, and teachers were given optional workdays. “We don’t want our devices, either on campus or out on loan, to compromise other people,” Nolte added. 

After canceling classes via text, a meeting with state cyber experts, the SBI, FBI, National Guard, Microelectronic Center of North Carolina (MCNC) and others was held at 11 a.m. Outside experts began arriving at HCS at midday Monday. 

“We have three people who are still with us this evening and who will be working into the night,” Nolte said in a Monday afternoon interview. Another meeting was held at 10 a.m. the following morning. 

“We hope by tomorrow, certainly by Wednesday or Thursday, we’ll have a good handle on what really has been compromised. We know there are some files but we’re not really sure,” he said. 

When asked if they had any clue who was behind the attack, Nolte laughed. 

“Oh, that’s going to take some work, now. They hide behind multiple layers of servers across the world. We certainly have had communication with SBI and FBI, and we’ll help them try to find out who it was. But that’s not our first priority right now.”

Right now, the focus for HCS is getting school back up and running. When asked when this might be, Nolte didn’t know, though he was hopeful: Google Classrooms, the primary tool for students and teachers, has not been compromised. However, several actions on that application involve communication with Haywood County Schools’ servers. 

“We want to make sure we don’t turn on anything that would cause more problems. Once we work through the details of making sure that we can use internet connections and servers and laptops and iPads then we should be able to open again. We don’t know when that will be yet,” said Nolte.

To confused students and parents accustomed to more clear and direct communication with HCS, Nolte said, “The one thing we ask is that people be patient with us. We will certainly be communicating but it will not be the robust communication that we typically have. We’ve had a very real ransomware attack, and one of the things that was attacked was our ability to communicate.”

Go to top