Manhasset School District continues to recover from September ransomware attack

Robert Pelaez
Acting Superintendent Gaurav Passi said the Manhasset School District continues to recover from a September ransomware attack. (Photo by Samuele Petruccelli)

Manhasset’s acting school superintendent, Gaurav Passi, said most on-site network services have been restored for students and staff as the district continues to recover from a ransomware attack that leaked sensitive information to the dark web.

At a Board of Education meeting last Wednesday, he said students are once again able to use their district-issued Chromebooks, with network and Xerox services also being restored. Passi said the district has sought an outside vendor, through its insurance company, to complete the data mining process so it can review the files the hackers obtained.

Individuals whose information was obtained by the hackers during the September ransomware attack will be notified by the district, according to Passi.

“Our preliminary review has identified some former and current employees who have been impacted and the first wave of notification letters are being processed now,” Passi said. “These individuals will receive a letter by U.S. mail that will contain a credit monitoring code for their use.”

As the team of data miners accesses more files, more individuals will receive notifications from the district. Passi said the district is also working with its retiree association and posted all letters regarding updates on the investigation to its website. Some retired district employees, he said, were included in the first wave of notifications.

Last month, district officials warned Manhasset students who held or shared files posted online by hackers they could face disciplinary action. Files posted on the dark web ranged from documentation of disciplinary actions, student gradebooks, general staff information and financial records.

Also posted online were files containing Social Security numbers, driver’s licenses, passports, student grades and home addresses. In a previous email, the district committed to providing complimentary credit monitoring for affected individuals.

“The intrusion into our network was deep, the files stolen were voluminous, and some files contain sensitive information regarding certain students or staff,” Passi wrote in a previous email to the district. “We share your outrage about this invasion of privacy.”

Cybersecurity experts said the district’s ransomware attack is not an isolated incident, as universities and school districts have become targets for extortion.

“What we’re actually noticing in research is that there is a business cycle starting to emerge with this,” said Scott Jeffreys, associate professor of computer science at Hofstra University. “Right now is a very hot time for cybercriminals to be launching these kind of spear phishing attacks against organizations.”

The most common method of cyberattack is spear phishing, where individuals might not question the source of an email and inadvertently disclose credentials, allowing bad actors to log into the computer network, Jeffreys said. Even with good training, employees can still fall victim to convincing communications.

“The whole purpose of an attack like this is to create panic,” Jeffreys said. “The greater the value of the mined assets, in this case passports, driver’s licenses, private information, the more value that might have on the dark web of the internet for a resale, or the more embarrassment it may create for the school district to encourage them to potentially pay more quickly.”

Passi said the district is working to implement enhanced cybersecurity measures so that the information of students and staff can be better protected. The district, he said, continues to cooperate with investigations by the Nassau County Homeland Security Department and the FBI, along with other state and federal agencies.

Share this Article