Ransomware attack takes Visalia Unified's computer systems offline, school district says

A cyber attack caused several of Visalia Unified's computer systems to go offline, the school district reported.
VISALIA, Calif. (KFSN) -- Recently, a ransomware attack forced the closure of the country's largest fuel pipeline.

Experts say the extortion-style cyberattacks are on the rise and are causing serious problems for businesses, government entities, and schools.

Federal officials describe ransomware as a type of malicious software that encrypts data on a computer, so it's unusable unless the victim of an attack pays a ransom to the cybercriminal.

"So the end goal is basically to block your data until you pay them to unblock it for you," said Sean Quellos of Digital Forensics Corporation, an Ohio-based cybersecurity company.

On Tuesday, Visalia Unified School District announced that they were also victims of a ransomware attack, saying it impacted the operation of school district IT systems.

District officials said they were working with a cybersecurity company to respond to the attack and restore the systems as soon as possible.

The district isn't specifying what kind of data was taken hostage and isn't releasing any details about the hackers' demands.

But Quellos says this attack may go beyond data encryption.

It could include the theft of sensitive information.

"With most ransomware attacks we've been seeing lately, they basically come coupled with the data exfiltration, where not only they're encrypting the files on the person's computer so they can't use them," Quellos said. "They're also taking data off that computer and transferring it."

Quellos believes ransomware attacks are becoming more common for two reasons: the popularity of cryptocurrency, and the COVID-19 pandemic.

"With more people remoting in, that's usually the attack mechanism is they'll remote in somehow, so it's less likely to look like an anomaly or something," Quellos said. "With more and more people remoting in, it just seems more common, there are more avenues and more ways to attack with a lot of workers going to remote access."

One of the most important things the district should do, Quellos says, is to isolate the affected systems so the attack doesn't spread.

Also, they need to find out how the infection happened so they can prevent any future attacks.

Even though many district IT systems were offline because of this attack, VUSD officials said in-person and online classes continued for students.

They also said local and federal authorities were made aware of the incident.

The Cybersecurity & Infrastructure Security Agency, or CISA, has some helpful links about ransomware for students, parents, teachers, and administrators.

Visit their website for more information.

Copyright © 2021 KFSN-TV. All Rights Reserved.