PORTLAND, Ore. (KOIN) — Following a ransomware attack that prompted classes in the Centennial School District to be cancelled last week, officials said a cybersecurity firm identified the scope of the attack and took steps to contain the incident.
They did not disclose what the scope of the cyberattack was but did say student data “was not accessed or acquired” during the attack.
On April 26, the district announced “certain files on its systems were encrypted by an unknown actor.” They closed schools for a few days and launched an internal investigation, officials said.
When classes were cancelled, the district pulled all its systems offline to look into who may have encrypted the files.
The district’s governing board met Wednesday and announced they hired a cybersecurity firm and is conducting a forensic investigation.
A spokesperson told KOIN 6 News Wednesday the attack was made by “sophisticated cybercriminals.”
Steps to contain the incident, “including deploying next generation end point detection and monitoring security tools,” were put into place along with a detailed forensic investigation, district officials said.
Hybrid and distance learning picked back up this week, but largely without the use of computers.
“It’s kind of like when I was in school, we weren’t on computers. It was books and worksheets and take home packets and things like that,” said Paul Southerton, the director of Business and Operations. “It’s a well-documented and well-informed practice and we’re working through that. Maybe just a little screen break for folks.”
The district said it expects to resume computer distance learning by the end of next week.