The Northshore School District, appropriately located on the northern shore of Lake Washington, near Seattle, was the victim of a major cyberattack in 2019.
The incident made national news, headlines that Jon Wiederspan, the district’s network operations manager, said Tuesday still haunt him nearly three years on.
“We first found out about [the attack] at 5 a.m. on a Saturday and we had scheduled an update to our student information system,” Wiederspan said during an online event hosted by the K12 Security Information Exchange. “When the system analysts logged in, the student information system wasn’t there. Instead, there was a page advertising Ryuk.”
Ryuk is a prominent type of ransomware that first cropped up in 2018, quickly building a reputation for targeting government, education and health-sector entities worldwide, racking up $150 million in payments by the end of 2020. (The gang behind the Ryuk malware followed it with another ransomware known as Conti.)
“In cases like this, it’s my job to decide who needs to be woken up. In this case, it was absolutely everybody,” Wiederspan said. “It’s not fun to call your supervisor and say, ‘we think everything is down.’”
As a result of the 2019 incident, many of the Northshore School District’s Windows-based systems were rendered non-operational. Luckily, Wiederspan said, some key resources were running on Linux servers. E-mail and student file storage were also unaffected.
Though many of the tools required for instruction were still operational, Wiederspan said he and his colleagues “knew the damage behind the scenes,” like the system used for sales in school cafeterias.
“We serve 10,000 meals a day,” he said. “We were tracking them by hand for two weeks.”
It took about three weeks to repair access to critical services, including rebuilding the entire active directory domain and restoring file permissions on a server with “millions” of files, Wiederspan said. It would take another three-and-a-half months for the school district to completely recover from the…