Illustration by Farago.com

Ransomware attack targeted Concord school system, superintendent says

May 8, 2024

By Sean FlannellyCorrespondent

Concord Public Schools and the Concord-Carlisle Regional School District recently got hit by a ransomware attack, Superintendent Laurie Hunter said. 

Hunter told the Joint School Committee at its Wednesday evening meeting that it’s not clear whether the perpetrators accessed personal files, but several employees have reported data breaches.

As a result, the school district will provide employees with credit monitoring. 

As the schools operated without wireless access during the response to the attack, “Our incredible IT team did everything they could all day to figure it out,” Hunter said. 

Ransomware attacks involve malware that encrypts files so the owner can’t use them. Attackers demand payment to make the files accessible again, sometimes threatening to leak or sell the ransomed data if they don’t get the money.

Superintendent Laurie Hunter. Photo by Celeste Katz Marston

Despite the disruption, the district managed to keep Concord schools up and running throughout the week — a feat Hunter said was aided by the schools’ reliance on Apple hardware, which is more resistant to ransomware attacks. 

The administration building, on the other hand, largely runs PCs. 

“Central Office is completely another story now,” Hunter said. “We’re working in very difficult conditions right now.”

Though the district managed to successfully execute payroll, it’s currently unable to place any purchase orders. 

Hunter also said the district is covered by cybersecurity insurance, which should prevent the attack from costing much money.

The administration is working with forensic cybersecurity consultants to fix and clean the system. 

Over the coming weekend, the district will fully shut down internet services to update its firewall. 

“It’s been a big, big lift and there’s not a great light at the end of the tunnel just yet,” Hunter said. “We’re pulling it off, but it’s not much fun and really unfortunate… it just can happen anywhere.”

Graphic: Farago.com

Elsewhere on the technology front, Concord moved to update how it handles online participation in hybrid public meetings after a mid-March “Zoom bombing” incident.

After attackers overwhelmed a Finance Committee meeting with an onslaught of antisemitic images, the town switched to Zoom’s “webinar” format. 

The shift away from the traditional Zoom “meeting” format allows for closer regulation of how online participants receive permission to speak