A serious incident has compromised the computer systems of a US school district. According to digital forensics specialists, a ransomware attack has infected about 30,000 computers belonging to the Las Cruces school district, New Mexico, US. The incident caused servers and Internet devices to shut down throughout the district.
During a press conference, Superintendent Karen Trujillo revealed that the malware managed to compromise these computers during the early hours of October 29; hours later, district IT staff were instructed to shut down operations on all servers and disconnect compromised computers from the Internet.
As you may remember, ransomware is malicious software created to block access to a device and the files stored on it. To regain this access, victims must pay a ransom to threat actors. According to digital forensics experts, the most common methods of ransomware infection are malicious emails and malware-laden web pages.
When questioned about the incident recovery process, the district’s IT director, Matt Dawkins, stated that Las Cruces is collaborating with external cybersecurity firms to implement a recovery plan that has proven successful in other ransomware attacks. At the conclusion of the first investigations into the attack, Dawkins mentioned that about 30,000 devices should be “cleaned”; this process includes formatting hard drives, reinstalling operating systems and complementary software.
A subsequent release from the district’s digital forensics team also mentioned that the entire IT infrastructure of Las Cruces will be subject to security audits and hardware upgrades to complete the recovery process and bring systems back online.
Regarding how long the recovery process will take, the district authorities decided not to make an estimate: “Certain setbacks may appear, we must stop and address all possible failures that arise; it’s hard to say how long it’s going to take,” Dawkins added.
As with recovery time, details about potential costs are unknown, although Superintendent Trujillo mentioned that a significant portion of these expenses will be covered by a federal fund reserved for such incidents.
Although most of the district’s computers were impacted, the authorities mentioned that two teams were enabled to access information systems securely, so the shutdown of activities was not complete, and academic staff in all schools in the district are working in an “almost normal” manner. School staff have also resorted to handling some paperwork and processes by hand.
International Institute of Cyber Security (IICS) digital forensics specialists mention that school districts, like other public organizations, have become one of the new targets for cyberattacks. The main recommendation for any organization is to establish awareness programs to prevent infections by ransomware and any other type of malicious program. The costs of prevention are far lower than the costs of recovering from any cybersecurity incident.