FBI ends GCSD cyber attack investigation

— Photo from CISA’s Top Tips for Virtual Learning

GUILDERLAND — The investigation into an April 22 cyber attack at the Guilderland schools is wrapping up.

“No information was used for identity theft or fraud,” Superintendent Marie Wiles told The Enterprise on Monday.

The spring-semester attack, which canceled in-person classes for several days, was investigated by the FBI.

A “threat actor group” used malware to encrypt certain school-district systems, Wiles had told The Enterprise earlier.

On Monday, she said, “We are in the process of notifying individuals who may have had information seen by people who shouldn’t have seen it.”

Altogether, 367 letters were sent out to former students and former employees, she said.

The district worked with specialists through its insurance carrier to cull through the data and research mailing addresses, Wiles said.

Although the district is required to send out the notices, Wiles said of the pilfered information, “None of it was used to any bad effect.”

Asked if there were any suspects in the case, Wiles said, “I don’t know that we’ll ever be able to reveal that.”

To do so, she said, could hurt the FBI’s efforts “to stop the bad guys.”

“The ongoing fight is nationwide and worldwide,” she said.

Since the onset of COVID-19 and the increase in remote learning in schools, “malicious activity with ransomware attacks against K-12 educational institutions” has risen sharply, according to the Cybersecurity and Infrastructure Security Agency, an independent federal agency under the oversight of the Department of Homeland Security.

“Malicious cyber actors are targeting school computer systems, slowing access, and rendering the systems inaccessible to basic functions, including remote learning,” says a fact sheet that CISA developed with the FBI for schools. “In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.”

Asked if Guilderland had been told to pay a ransom and, if so, for how much, Wiles responded, “We have been working in tandem with the FBI on this matter. As part of our commitment to assist in those efforts, we are not commenting on or disclosing additional information about the threat actor or any interactions with them.”

Wiles also said of Guilderland, “Since the investigation, we have beefed up our security system to screen activity in our network.”

The district continues to train its employees, when using computers, “not to click on things that look suspicious,” she said. Students are being trained as well.

“We are ever more vigilant in investing in the tools we need to stay safe and secure ...,” said Wiles.  “We need to stay one step ahead of the bad actors who are constantly upping their game,” she said, likening it to an arms race.

More Guilderland News

  •  In those first 10 years, it seemed no one dared go above 30 miles per hour, “which we enjoyed, especially living on Main Street,” said Altamont resident Mya Sullivan, but over the past year, she has begun to see drivers flying down Route 146. 

  • In a Jan. 5 letter to the Surface Transportation Board, village attorney Allyson Phillips writes that Altamont is opposed to CSX’s attempted acquisition of Pan Am Systems because the running of a 1.7-mile-long train twice per day over the Main Street railroad crossing would leave parts of the village inaccessible to emergency responders for as long as 10 minutes.  

  • The biggest factor in the revenue jump is the state’s commitment to make Foundation Aid to schools whole. “It looks like that three-year phase-in, at least from the governor’s perspective, is going to happen, so that’s tremendous news for our school district and school districts throughout the state,” Guilderland’s assistant superintendent for business, Neil Sanders, said on Tuesday.

The Altamont Enterprise is focused on hyper-local, high-quality journalism. We produce free election guides, curate readers' opinion pieces, and engage with important local issues. Subscriptions open full access to our work and make it possible.