FBI ends GCSD cyber attack investigation

— Photo from CISA’s Top Tips for Virtual Learning

GUILDERLAND — The investigation into an April 22 cyber attack at the Guilderland schools is wrapping up.

“No information was used for identity theft or fraud,” Superintendent Marie Wiles told The Enterprise on Monday.

The spring-semester attack, which canceled in-person classes for several days, was investigated by the FBI.

A “threat actor group” used malware to encrypt certain school-district systems, Wiles had told The Enterprise earlier.

On Monday, she said, “We are in the process of notifying individuals who may have had information seen by people who shouldn’t have seen it.”

Altogether, 367 letters were sent out to former students and former employees, she said.

The district worked with specialists through its insurance carrier to cull through the data and research mailing addresses, Wiles said.

Although the district is required to send out the notices, Wiles said of the pilfered information, “None of it was used to any bad effect.”

Asked if there were any suspects in the case, Wiles said, “I don’t know that we’ll ever be able to reveal that.”

To do so, she said, could hurt the FBI’s efforts “to stop the bad guys.”

“The ongoing fight is nationwide and worldwide,” she said.

Since the onset of COVID-19 and the increase in remote learning in schools, “malicious activity with ransomware attacks against K-12 educational institutions” has risen sharply, according to the Cybersecurity and Infrastructure Security Agency, an independent federal agency under the oversight of the Department of Homeland Security.

“Malicious cyber actors are targeting school computer systems, slowing access, and rendering the systems inaccessible to basic functions, including remote learning,” says a fact sheet that CISA developed with the FBI for schools. “In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.”

Asked if Guilderland had been told to pay a ransom and, if so, for how much, Wiles responded, “We have been working in tandem with the FBI on this matter. As part of our commitment to assist in those efforts, we are not commenting on or disclosing additional information about the threat actor or any interactions with them.”

Wiles also said of Guilderland, “Since the investigation, we have beefed up our security system to screen activity in our network.”

The district continues to train its employees, when using computers, “not to click on things that look suspicious,” she said. Students are being trained as well.

“We are ever more vigilant in investing in the tools we need to stay safe and secure ...,” said Wiles. “We need to stay one step ahead of the bad actors who are constantly upping their game,” she said, likening it to an arms race.
