Louisiana superintendent says schools attacked by cybercriminals who hold data for ransom

The Louisiana Department of Education has released new information regarding the cyberattacks that targeted multiple school systems in the state, including those in northeast Louisiana.

In a message provided by the Dept. of Education, State Superintendent John White told school system personnel that some systems "have been attacked by cybercriminals who target any, large and small, IT infrastructure for the express purpose of encrypting all accessible data, including back-up data, and holding it for ransom."

The superintendent did not specifically name any schools in the message. The letter also offers advice on moving forward after being attacked. It also offers advice for systems that have not been attacked. You can read the full message with the guidance below.

On July 24, 2019, Louisiana Governor John Bel Edwards declared a state of emergency in response to cybersecurity breaches affecting schools in Monroe, Morehouse Parish, and Sabine Parish. The declaration states, in part: "there have been severe, intentional cybersecurity breaches in the Sabine, Morehouse, and City of Monroe school systems that may potentially compromise other public and private entities throughout the State of Louisiana."

You can read the emergency declaration and response from Monroe City Schools here.

Others were also hit. According to the Associated Press, Tangipahoa Parish schools Superintendent Melissa Stilley said officials discovered "activity" on the network similar to other recently reported attacks on Louisiana school systems. She didn't give details on the activity. Tangipahoa schools shut down phone lines and email at schools and some offices Monday.

In Madison Parish, officials posted on their Facebook page that they were taking their system offline for the time being, in an effort to prevent attacks on their system. They said, "In light of the recent cyber hacking that other school districts have experienced, we are shutting down our internet, inclusive of our telephone lines, to scan for such cyber threats as a precautionary measure to safeguard our students and employees’ personal information. At this time, MPSD have not been exposed to such threats and we working to ensure our information is protected. Please be patient with us as we are unable to provide a definite time when our internet and telephone services will be restored. You have been amazing supporters of our district and students and we are so appreciative of your support. When Madison School District is back online, we will inform the public through social media."

Superintendent John White's full message is as follows:

Dear Colleagues, As you are aware, a number of school systems in our state have been attacked by cybercriminals who target any, large and small, IT infrastructure for the express purpose of encrypting all accessible data, including back-up data, and holding it for ransom. This attack can be particularly devastating due to the fact that the original infection may have occurred weeks or months earlier via an email attachment, link, downloaded file, or a remote desktop tool. Similar attacks have occurred in school systems and other public service facilities around the country and the world. Many of you have been working with the Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP) and the Louisiana Division of Administration’s Office of Technology Support (OTS) to understand the risk and evaluate the threat to your system. In extreme cases, where an infection has been identified, a tactical team of cyber and information technology experts have been deployed to assist in your recovery. To prevent more extreme cases, GOHSEP and OTS are strongly recommending that you take the following steps as quickly as possible to protect your technology network and infrastructure:

Complete the Office of Emergency Preparedness Questionnaire and send it to your parish’s OEP Director in order for GOHSEP to have an accurate accounting of all strategic locations in each parish. Superintendents should have received this survey directly from OEP. If you have not, please reach out to your parish’s OEP Director.
In coordination with your technology coordinators, review this critical task list and complete phase one immediately. Once phase one is complete, continue with phases two through six.
By Thursday, August 1 at 9:00 a.m., complete this brief survey on the status of your prevention.
If at any time you have questions about the preventative steps, email edtech@la.gov.
If you have any concerns about a possible cyberattack, call Carol Mosley immediately at 225-588-5584.
A school system’s network will not be completely protected unless all phases within the critical task list are completed. A “Cyber Security Info” button has been placed on the homepage of the department's website to help you easily access all documents developed in response to this incident and copies of any webinars. In coordination with GOHSEP and OTS, we will provide updates and, if needed, schedule webinars to share pertinent information. A webinar will be held tomorrow morning at 10:30 a.m. with the intent of walking through the critical task list for participants with less technical expertise. This webinar will not provide new information from what was provided in the 9:00 a.m. technical call this morning. Last, I have been informed that many school system technology staff members are volunteering to assist in impacted parishes and spending hours into the evenings and weekend helping their colleagues across the state. Please thank them for stepping up in this time of need and serving as an example for us all. As always, thank you for all you do for our children, John