DES MOINES, Iowa — A suspected ransomware attack on Iowa’s largest school district has closed schools for two days as technicians work to restore the computer system and protect data, district officials said Tuesday.

District officials said they made significant progress in restoring systems after they discovered the cybersecurity breach Monday, including regaining access to the district’s student information portal and ensuring phones are operational.

“When our system is down, it impacts every aspect of our organization,” said Des Moines school district’s interim superintendent, Matt Smith, noting everything from school bus routes to lunch menus is controlled through the computer system.

But the 30,000 students in Des Moines Public Schools are being told to expect an offline learning experience until further notice, with limited access to the internet and networked resources and no wi-fi.

With classes canceled Tuesday and Wednesday, Smith said students will need to make up the days missed. The district announced that schools would reopen Thursday.

The cyberattack has put Des Moines schools on a growing list of school districts in Iowa and around the country that have been targeted.

Here is what we know:

When did Des Moines Public Schools find the cybersecurity attack?

The district’s information technology staff was first alerted to a problem Monday morning, Smith said during a Tuesday news conference. The IT staff shut down the district’s servers, internet, and network to limit the impact.

Officials also believe that the payroll system is safe and that the district’s nearly 5,000 teachers and staff can be paid, according to Smith.

Was this a ransomware attack?

While the investigation is ongoing, officials with Des Moines Public Schools are treating the incident as a ransomware attack. There is no timeline for when the investigation will be concluded.

“It was a cybersecurity event that we can’t confirm yet until we run through all of our diagnostics and all of our protocols to get the forensics back to understand that specifically,” Smith said. “What I can tell you is we are operating as if it is a ransomware attack just to be sure.”

Source By: usatoday