Malware Incident Update

Monday, February 8, 2021

Hello Everyone,

Our technology staff and EduTech BOCES support have done a remarkable job and restored the internet for tomorrow. Therefore, we will have in-person school for the Blue Cohort, PreK through 12th grade, starting tomorrow. There needs to be patience and flexibility as there may be some glitches with the internet, but we are excited to have our kids in-person across all five buildings.

By far the most important thing this week will be our work to connect with your kids, check on their social-emotional health, and teach the best we can under the circumstances.  

With gratitude,

Tim

Malware Incident FAQs

Updated FAQs February 4, 2021

What happened?

On Saturday, January 30th, servers in the District were compromised by a form of Malware called Ransomware from an outside source, which encrypted a variety of files and systems such as SchoolTool, Transfinder, and aspects of the Windows Active Directory. In other words, it held these files hostage while the perpetrators asked for a ransom. The good news is personal student and staff data as well as all financial data were not compromised. In addition, student grades were not compromised. Google and Google products such as Google Drive and email were also not impacted.

The Department of Homeland Security as well as the Federal Bureau of Investigation have been working hand in hand with our District’s technology department and the Wayne-Finger Lakes (WFL) BOCES EduTech department to not only try to solve what happened but also restore systems so we can have our internet back.

When can we return to school?

Our PreK-3rd grade Gold Cohort students will be able to have in-person school tomorrow (Friday). There will be no internet in the ECS or VPS but all emergency procedures are operable.

We will continue with virtual learning tomorrow for students in grades 4-12. We have also enabled SchoolTool to become operational. Our building administration will send more specific directions to you regarding SchoolTool in a separate communication.

When can the entire District return to normal?

We still must reimage all of our District computers in order to make sure the Malware is gone. This is a long process but one that we believe we can accomplish between Friday and Sunday. The reason we needed to wait until now is that the actual image had to be created in order to be pushed out to our district laptops. The creation of the image is time consuming.

We are hopeful that we can manage this reimaging through the weekend. We would then be able to get back to our “normal” routine, which includes in-person learning for all Blue Cohort students, PreK through 12th grade, on Monday, with virtual learning for the Gold Cohort and 100% online students. We will let the community know about Monday’s plan as soon as we have confirmation from the EduTech team.

Why did this take so long?

One of the reasons the process took so long is that we spent time trying to find the Ransomware, which is a form of Malware. Once we realized we could not locate it quickly, we needed to wipe our Server system clean and rebuild it from backup data. We have approximately 35 Servers on campus. We also needed to make sure the FBI and Department of Homeland Security had all of the data they needed to proceed with the investigation. The other issue was we ran into roadblocks accessing backup data. This took a significant amount of time and included EduTech personnel driving servers from Newark to Victor in the snow storm on Tuesday.

Yesterday we were finally able to upload much of the backup data and then start to power up our Servers. We have been able to restore our phone system, our alarm system, and the images necessary for the reimaging of our computers. As mentioned earlier, we will reimage the District computers starting tomorrow.

Are my home computers and phones safe?

Yes. Because your home computers and phones were not on our Servers when the Ransomware attack occurred, they are fine, including phones that people take to school.

How do we prevent this from happening again?

As stated in the previous FAQ document we sent out on Tuesday, we cannot guarantee that we can prevent a future Malware attack. It really comes down to focusing on not only prevention, but also on recovery. For example, we are putting in place more effective security measures, we will continue to diversify our Server locations, and, with what we learned through the process, we will have a much quicker recovery period. Our Director of Technology, Angela Affronti, who started seven months ago, already was planning out a significant revision of our cybersecurity system that took into account the above issues. Bigger picture, these issues fit into a larger pattern of the need for our District to continue to modernize its systems and infrastructure and include these improvements in our financial planning moving forward.

Finally, we must offer our staff more consistent training on how entities use phishing techniques (deceptive electronic messages that trick unsuspecting consumers into disclosing information) and how to recognize these types of messages. There are many outstanding programs that support this type of training that we need to implement as soon as possible. Having our staff knowledgeable in the general concepts of cybersecurity is paramount to a safer environment.

Special Thanks

I would be remiss if I did not thank those people who have been instrumental in helping us get through this crisis. First, we could not have put our District back on track toward 2020-21 normalcy without the leadership of our Director of Technology, Angela Affronti and her technology team. They are outstanding. In addition, the WFL BOCES EduTech team, under the direction of Keilli Eckdahl, is unbelievable with their expertise and support of the intense and complicated process of wiping out incredible amounts of information and then rebuilding it in a week. I also want to thank the Federal Bureau of Investigation who is doing their diligence to apprehend the person or persons that initiated this Malware attack, and the Department of Homeland Security who is supervising the rebuild of our technology structures. Without this type of skill and leadership we may have been working remotely for weeks instead of days.

Next, I want to thank the VCS staff. They continue to take on immense challenges with a growth mindset approach and an optimistic attitude. I know hundreds of staff have gone above and beyond to work with our kids, communicate with families, or help out other staff members during these challenging days. It is the staff that continues to keep VCS a high performing District.

Finally, I would like to thank our parents and community. You have borne the brunt of the challenges of COVID and now Malware. You were already dealing with the difficulty of the hybrid model, and now this. Thank you for your continued patience and understanding.

Next Steps

We will continue to monitor the situation closely. The goal will be to get all of our students back in the hybrid model as soon as possible. I will give an update over the weekend.

What about future communication from the school?