Benitez, who has trained in digital forensic investigations with the FBI, worked closely with Woodlake Unified to identify where the breach occurred. He connected the district with Breadcrumb Cybersecurity in Fresno who helped speed up the process of rebuilding their system from its most recent data backup and getting WUSD back online, a process that took Woodlake about five days, according to Gonzales. Rarely are the individuals behind cyber attacks identified and brought to justice, so the primary goal of the DA’s office is to help districts get back online as quickly as possible.
“Our Bureau of Investigations Digital Forensics Unit works closely with the FBI to assist in these types of investigations and the recommendation from our experts is to be prepared before it is too late,” Ward stated in the letter.
Benitez said the time it takes an organization to restore its systems depends on how comprehensive the ransomware attack was, how recent the backup is and the amount of staff working to rebuild the system. In the case of VUSD, Cardoza said district staff took swift action to shut down systems district-wide, allowing VUSD to identify and stop the ransomware attack before it took full effect. Most of those systems were back online later that day, lending credence to the district’s claim “the ransomware attack failed,” according to a Jan. 14, 2022 email from the interim superintendent.