Doug Jacobson. Iowa State University professor
CEDAR RAPIDS — A ransomware attack to extort payment or a data breach to obtain information are two possible types of cyber incursions the Cedar Rapids Community School District could be working this week to solve after discovering an incident over the weekend, an Iowa cybersecurity expert says.
The district announced it’s suspending summer programs this week, though high school baseball and softball games would continue. School officials have not described the nature of the cybersecurity attack or said which systems were targeted.
Doug Jacobson, director at the Center for Cybersecurity Innovation and Outreach at Iowa State University, said ransomware or a data breach are two possible kinds of attacks.
A ransomware attack is designed to make computer systems unusable until a ransom is paid, Jacobson said. When the ransom is paid, a digital key is provided that can be used to unlock the computers and data, he said.
The Washington Post reported last fall that in 2019, cybersecurity experts noticed a significant uptick in ransomware attacks on municipalities across the country. In 2020, at least 2,354 governments, health care facilities and schools in the United States were affected by ransomware attacks.
A data breach is when data is stolen from a computer, but the computers typically can remain functional.
“It doesn’t affect your operations,” Jacobson said. In 2013, for example, a cyberattack affected more than 41 million of Target’s customer payment card accounts but the company’s stores remained open Jacobson said.
Jacobson said he doesn’t see a lot of value for hackers in conducting a data breach on a school district. “There’s not a lot that’s worth anything,” he said. “It’s not like breaking in to Target to steal 41 million credit cards.”
It’s “too early” for parents and guardians of students in the Cedar Rapids Community School District to be concerned about a data breach, Jacobson said.
Ransomware malware could have been introduced in to the district computer systems simply by user error — that someone unwittingly clicked on a malicious link in an email, which downloaded the ransomware, Jacobson said.
There’s a good chance the cyber attackers “don’t even know where Cedar Rapids, Iowa, is,” Jacobson said. “Odds are, they just happened to fall victim to this without being the intended target.”
Ransomware also could have been downloaded on to the district’s server by a hacker, Jacobson said. “They find an unlocked door and pick a lock in the cyber world,” he said.
The district suspended its summer programs this week, including Kids on Course University summer school, Champions child care, transportation services and summer lunches because of the cybersecurity breach. District officials expect regularly scheduled summer activities to resume Monday.
Lesson plans, bus schedules and access to menus to make lunches could all be unavailable after a ransomware attack.
“If your phone disappeared today, could you get a hold of anyone you know? If we think about it in those terms, we’ve gone away from remembering anything. Our phone and computer systems are the sum total of all memory,” Jacobson said.
District officials may also just be “over cautious” by suspending summer activities this week, Jacobson said.
Jacobson said it’s “hard to tell” how long it could take to recover from a ransomware attack. It depends on the number and types of systems affected and whether there are good data backups to recover from, he said.
“If you don’t pay (a ransom), it often can take days to weeks to fully recover,” Jacobson said.
Payroll — which district officials have said was not impacted — might be outsourced to a third-party provider, which makes it not subject to a ransomware attack on the district, Jacobson said.
The district is working with third-party cybersecurity experts to review the breach and take steps to ensure something similar does not happen again, according to a Monday news release.
Comments: (319) 398-8411; firstname.lastname@example.org