Cyberattack against Regina Public Schools likely ransomware - Action News
Home WebMail Friday, November 22, 2024, 09:25 PM | Calgary | -11.3°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Saskatchewan

Cyberattack against Regina Public Schools likely ransomware

A ransom note displayed on some Regina Public Schools computers indicates a recent cyberattack was a ransomware attack.

'I think it's a serious breach. There's no doubt about it,' says expert

A number of desks sit in an empty classroom
More details have emerged about the type of cyberattack that has targeted Regina Public Schools. (Matthew Howard/CBC)

New information has emerged about the recent cyberattack that targeted Regina Public Schools, forcing it to shut down all internet-based systems such as email and other education tools.

CBC News has reviewed a copy of a note that hasappearedon computers that were part of the school district's network.

The note says it is from an organization calledBlackCat/ALPHV,which experts say is well known for employing ransomware attacks.

The note alleges that 500 gigabytes of files belonging to Regina Public Schools havebeen encrypted and that the group now possessescopies of data rangingfrom tax reports and health information to passports andsocial insurance numbers.

"I think it's a serious breach. There's no doubt about it," said Alec Couros,a professor of educational technology and media at the University of Regina.

What is ransomware?

David Shipley, a cybersecurity expert based in New Brunswick, told CBC News that ransomware is the No. 1 threat to organizations that operate in the digital world.

Ransomware is malicious software that encrypts data andallows the information to be held ransom. The person or group behind the attack then offers to reverse the encryptionin exchange for cash or, more commonly these days, cryptocurrency.

"It can also be used to cripple devices and make it just impossible to use the IT systems of a modern organization. It grinds any organization, whether it's a business, a hospital, a school, to a complete halt," Shipley said on Friday.

David Shipley is the CEO of Beauceron Security CEO and a cybersecurity expert. (Jonathan Collicott/CBC)

Ransomware can make its way into an organization's systems in multiple ways, Shipley said.

That can include phishing emails that trick someone into providing access, unsecured remote access to the network or unpatched servers and systems.

Although the school division has said the attack began on Sunday, it has not stated how itbegan.

LISTEN |The battle against ransomware:

Cyberattack on N.L. health-care system worst in Canadian history: expert

3 years ago
Duration 3:30
One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history and has implications for national security.

BlackCat/ALPHVis a criminal gang previously known as DarkSide, which famously shut down aU.S. pipeline last year.

The response to that cyberattack and the attention it drew has meant rebranding for the organization, which operates on a global scale.

"They've got a sophisticated business model, and they're brutal at what they do," said Shipley, who describes BlackCat/ALPHV as well-financed and well-resourced.

As of March, the FBI reported the organizationhad compromised at least 60 entities worldwide through ransomware attacks.

Fears from teachers

The cyberattack against Regina Public Schools has many teachers worried about what kind of data has been exposed, according to the Patrick Maze, president of the Saskatchewan Teachers' Federation.

"There are some concerns around confidential material potentially being breached," said Maze.

"We know that there's lots of student data that school divisions maintain and we know there's also, of course, personnel data that would contain financial information and personal confidential information."

Patrick Maze says teachers have expressed concern over their information being exposed due to the cyberattack that targeted Regina Public Schools. (Bryan Eneas/CBC)

The impact on day-to-day teaching is hard to assess. Many of the online tools that teachers became reliant on over the course of the pandemic and remote learning are now gone.

The attackcould not have come at a worse time. The school year is ending in Saskatchewan and that means grading is due soon.

Online systems that store grades or allow teachers to record progress are not currently available. Even the programfor attendance isoffline, forcing teachers to go back to pen and paper.

"It's a difficult time for staff and we just hope that they're able to get through this and preserve as much student work and conduct final assessments as efficiently as possible," Maze said.

What happens now?

Shipley said the school district did the right thing by immediately isolating and shutting down its online systems in an attempt to limit the scale of the attack.

The school division has limited options to get its data back, Shipleyand Couros said. Shipley stressed that even if the ransom is paid, there is never a guarantee the data will be turned over.

Other options include rebuilding the entire network off of backups something that the City of Saint John chose to do in 2020 instead of paying the ransom, estimated to bebetween $17 million and $20 million worth ofBitcoin.

WATCH |Cyberattack on N.L. health-care system worst in Canadian history, expert says:

Shipley said thetimeline forrebuilding networks from backups can be weeks or months.Courossaid criminal organizations can set long-term deadlines or threaten to delete or leak the information on a short deadline.

"That puts a lot of pressure toact quickly, especially if it is a credible threat, and it makes it very difficult to find out exactly what's been taken, because you may not know the full extent of the penetration into your systems," said Couros.

Only Regina Public Schools and the cybersecurity experts they have brought in to assist know what solution they've chosen and what timeline they've been given by the criminal organization.

Multiple requests for comment with Regina Public Schools left throughout this week have not been returned.

With files from Jessie Anton and Karissa Donkin