Minneapolis Public Schools hit by encryption virus, district ‘has not paid any ransom’


The Minneapolis public school district is now warning families after its system was hit by an encryption virus.

Minneapolis Public Schools (MPS) on Wednesday urged caution about receiving, interacting with or responding to any suspicious emails or phone calls after the district’s system was infected with an encryption virus.

The district added that it “has not paid any ransom to the threat actors” and — while saying data may have been accessed — said it hasn’t found evidence that the data has been used to commit fraud. However, it noted that the “threat actors may contact employees or staff in an attempt to coerce MPS to pay a ransom.”

It started more than a week ago when MPS suddenly canceled parent-teacher conferences — which had been scheduled for Feb. 21 — the night before, citing “technical difficulties.” However, the district maintained that it was working with third-party specialists, and no data was lost.


When the district shifted to e-learning Wednesday through Friday last week due to the winter storm, MPS noted it was still dealing with technical difficulties but said much of its technology supporting e-learning was still accessible.

Friday, Feb. 24, the district confirmed it was dealing with an encryption event, saying its staff and third-party specialists were working “around the clock” to investigate the source and its impact. However, it maintained that no personal information was compromised, and said staff updated relevant passwords and implemented additional multi-factor authentication where possible.

Wednesday’s update said the district’s investigation remains ongoing, but it was able to “restore the MPS environment using internal backups.”

“We are working with law enforcement and will continue to cooperate with authorities as their investigation continues. We want to caution everyone regarding the dangers of potential phishing events and other potential scams,” a statement posted to the district’s website said Wednesday.

The district told parents to watch for possible phishing events and scams, asking anyone who receives any threats or suspicious messages to report them to privacy@mpls.k12.mn.us. It also recommended families change passwords for any online personal accounts that were accessed on MPS devices.

5 EYEWITNESS NEWS asked the district for more clarity about the attack, including when the district first became aware of it, but a district spokesperson did not provide any additional information either on Friday, Feb. 24, or Wednesday.

The district has posted some information on phishing attacks online. It also provided information urging parents to watch their financial accounts for suspicious activity, freeze accounts if necessary, and to contact the three major credit reporting bureaus — Equifax, Experian and TransUnion — if wanting to place a credit freeze or fraud alert.

“It sounds to me like the Minneapolis Public Schools was the victim of what’s called ‘ransomware,’” Sean Lanterman, Computer Forensic Services director of incident response, said.

Ransomware is malicious software used to block access to files, but it can also steal private information such as Social Security numbers and bank information.

Lanterman explained that sometimes there’s a price to get it back.

“Here’s an analogy: A bad guy who’s at your house and he changes the locks and you get home. He says you can’t get in unless you pay me x amount of dollars.”

According to MPS’ letter to staff and students, the district did not pay ransom to the threat actors.

They added that the investigation has not found any evidence that any data has been accessed to commit fraud.

Lanterman is seeing an uptick in cybersecurity attacks. He explained they deal with several per week.

If private information is stolen, its new home could be on the dark web.

Lanterman showed 5 EYEWITNESS NEWS the dark web and explained there are links criminals post with businesses’ private information that anyone can download.

To make a security breach more difficult, experts said it’s important to stay one step ahead.

“Security is something that you can’t always delegate,” Lanterman said. “You need to be diligent in changing things like your passwords and making sure that you’re paying attention to what links are in an email.”