Early Monday morning, the Haywood County Schools IT department noticed corrupted files and a ransomware message.
“When that happens, you just go through standard protocols and shut everything down,” said Superintendent Bill Nolte. This necessary step added to the brewing confusion by severely limiting the school system’s ability to communicate with students and parents. “We’re fairly well known as a school system that posts a lot of information and puts out a lot of press releases. But when we shut everything down, we shut down our servers, our landline phones, and our internet.’
Ransomware is a type of virus that shuts you out of your own files and then asks for payment for their return. It’s most often downloaded through unsolicited spam emails, though corrupt ads online can also install the software behind the scenes.
“They sent us a nice message,” said Nolte. “We did not read it. But it was clear that it was a ransomware message. We won’t read it until it’s safe to do so.”
Remote learning was canceled for Monday and Tuesday, and teachers were given optional workdays. “We don’t want our devices, either on campus or out on loan, to compromise other people,” Nolte added.
After canceling classes via text, a meeting with state cyber experts, the SBI, FBI, National Guard, Microelectronic Center of North Carolina (MCNC) and others was held at 11 a.m. Outside experts began arriving at HCS at midday Monday.
“We have three people who are still with us this evening and who will be working into the night,” Nolte said in a Monday afternoon interview. Another meeting was held at 10 a.m. the following morning.
“We hope by tomorrow, certainly by Wednesday or Thursday, we’ll have a good handle on what really has been compromised. We know there are some files but we’re not really sure,” he said.
When asked if they had any clue who was behind the attack, Nolte laughed.
“Oh, that’s going to take some work, now. They hide behind multiple layers of servers across the world. We certainly have had communication with SBI and FBI, and we’ll help them try to find out who it was. But that’s not our first priority right now.”
Right now, the focus for HCS is getting school back up and running. When asked when this might be, Nolte didn’t know, though he was hopeful: Google Classrooms, the primary tool for students and teachers, has not been compromised. However, several actions on that application involve communication with Haywood County Schools’ servers.
“We want to make sure we don’t turn on anything that would cause more problems. Once we work through the details of making sure that we can use internet connections and servers and laptops and iPads then we should be able to open again. We don’t know when that will be yet,” said Nolte.
To confused students and parents accustomed to more clear and direct communication with HCS, Nolte said, “The one thing we ask is that people be patient with us. We will certainly be communicating but it will not be the robust communication that we typically have. We’ve had a very real ransomware attack, and one of the things that was attacked was our ability to communicate.”