Cyber attack takes down high school district’s server and phone system

The Mountain View-Los Altos High School District was the victim of a ransomware attack Wednesday that took down the phone system and blocked access to files stored on the district’s server. It’s unclear whether sensitive student data was exposed during the attack.

Superintendent Nellie Meyer said in a statement Thursday that the attack prevented teachers and students from accessing email accounts and files stored on the district’s servers — interfering with both campus operations and instruction. Around the same time, staff received reports of fraudulent activity on district credit cards, which may have been related to the attack.

The school district is still investigating the cause and extent of the security breach, including whether the attackers had access to sensitive student data that could be copied and transferred.

Phones remained offline and the district’s servers unplugged as of Friday afternoon, and in all likelihood both will still be inoperable when school resumes on Monday, according to Bob Fishtrom, the district’s director of information services. Bringing things back online is contingent on new antivirus software being installed across the district’s computers and devices, which is a necessary process that takes time.

What the district knows so far is that the malware is called Sodinokibi, a sophisticated type of ransomware developed in April 2019, likely in Russia or China, and somehow got into the district’s network — potentially in a bogus email attachment. Sodinokibi is designed so that it repeatedly attempts to replicate itself, and holds victims hostage by encrypting files and demanding money (in bitcoin) in order to get them back.

“We’re one of hundreds of districts and entities hit with it,” Fishtrom said.

Since Wednesday, Chromebooks have been distributed to staff with affected computers as a workaround, Fishtrom said, and the good news is that many teachers are already storing most of their important digital classroom materials on Google Drive — which remain unaffected. The other bright spot is that the district’s student information system is hosted elsewhere and hasn’t been affected.

“We know that it hasn’t been compromised,” he said.

Kalista Micetich, a freshman at Mountain View high, said everything from the grading system to classroom projectors to the attendance-taking system was affected, and students in engineering classes fell behind because they couldn’t use their computers to code or design anything.

The district is seeking outside help from a digital security company, Kroll, which is assisting in both safeguarding the district from future attacks and doing the forensic work needed to figure out what happened and what information has been compromised. The early reports indicate that the fraudulent credit card activity, while suspiciously timed, does not appear to be related to the breach.

The attack was first reported by Mountain View High School’s student newspaper, The Oracle on Thursday.

Families concerned that their child’s personal information has been compromised are encouraged to keep an eye out for updates on the district’s Facebook and Twitter social media pages, and are directing any inquiries to the IT department at 925-788-3038 or mvla.info.serve@mvla.net.

This is a breaking story. Check back for updates.