The school district is still investigating the cause and extent of the security breach, including whether the attackers had access to sensitive student data that could be copied and transferred.
The phone system and some of the district's file servers remained offline through Tuesday, a week after the attack, according to Bob Fishtrom, the district's director of information services. New antivirus software has been installed on more than 700 devices across all the district's facilities, including the Mountain View-Los Altos Adult School on Moffett Boulevard, with hopes that the ransomware won't proliferate once the servers are back online.
What the district knows so far is that the malware is called Sodinokibi, a sophisticated type of ransomware developed in April 2019, likely in Russia or China, and that it somehow got into the district's network — potentially in a bogus email attachment. Sodinokibi is designed to repeatedly attempt to replicate itself, and it holds victims hostage by encrypting files and demanding money (in bitcoin) to get them back.
"We're one of hundreds of districts and entities hit with it," Fishtrom said.
Since Jan. 29, Chromebooks have been distributed to staff with affected computers as a workaround, Fishtrom said, and the good news is that many teachers are already storing most of their important digital classroom materials on Google Drive — which remains unaffected. The other bright spot is that the district's student information system is hosted elsewhere and hasn't been affected.
"We know that it hasn't been compromised," he said.
Kalista Micetich, a freshman at Mountain View High, said everything from the grading system to classroom projectors to the attendance-taking system was affected, and students in engineering classes fell behind because they couldn't use their computers to code or design anything.
The district is seeking outside help from a digital security company, Kroll, which is assisting in both safeguarding the district from future attacks and doing the forensic work needed to figure out what happened and what information has been compromised. Some of the district's file servers have yet to be fully vetted by the company, which is why they stayed offline through Tuesday, Fishtrom said.
Though a comprehensive update on the cyberattack is slated for later this week, early reports indicate that the fraudulent credit card activity was coincidental and does not appear to be related to the breach. The suspicious activity was reported by nine employees and was tied to the use of either Amazon Pay or an Amazon credit card — all of which were personal accounts. District credit cards have shown no reports of unauthorized purchases.
The attack was first reported by Mountain View High School's student newspaper, The Oracle, on Jan. 30.
Families concerned that their child's personal information has been compromised are encouraged to keep an eye out for updates on the district's social media pages, and the district is directing any inquiries to the IT department at 925-788-3038 or firstname.lastname@example.org.