Updated September 8, 2020 - 4:49 pm
The Clark County School District was the victim of a ransomware attack affecting employee data during the first week of school, according to an update provided by the district on Tuesday.
The update said that on the morning of Aug. 27, CCSD systems “became infected with a virus that prohibited access to certain files” and may also have compromised certain current and former employee data.
“Upon discovery, CCSD immediately notified law enforcement and began an investigation, which included working with third-party forensic investigators to determine the full nature and scope of the incident and to secure the CCSD network,” the update said.
The ongoing investigation has not been able to determine whether the hacker actually accessed or acquired any sensitive data, according to the district.
“In an abundance of caution, CCSD is notifying individuals, including certain current and former employees … whose name and Social Security numbers were present in the affected systems at the time of the incident,” the update said.
Any impacted parties can call a district assistance line at 888-490-0594. The district also encourages employees to remain vigilant for reports of identity theft or fraud, and to monitor credit reports and account activity for suspicious activity.
CCSD representatives did not say whether the district had paid any money to the hackers to resolve the threat.
Representatives for the FBI and the Department of Justice did not immediately return requests for information.
Ransomware attacks this year have affected school districts in North Carolina, California and Connecticut, with the Hartford School District delaying the start of classes as a result. There have been no indications from law enforcement that the attacks were linked.
CCSD is the is the 200th public entity in the United States to be hit by a ransomware attack this year, according to Brett Callow, a threat analyst at cybersecurity company Emsisoft. In 2019, such attacks cost 966 government agencies and education and health care providers about $7.5 billion.
The COVID-19 pandemic appears to have slowed the pace of ransomware attacks at least until August, when 10 K-12 school districts and five universities reported attacks, Callow added. Spikes are thought to be tied to both workers returning to the office, and reduced personnel during the summer months.
Whether the attacks on school districts are linked is difficult to determine, according to Callow, as many ransomware groups operate through an affiliate model, where he people carrying out the attacks are not necessarily the same people who developed the malware. The hackers also may work for more than one group, he said.
Ransomware attackers often demand somewhere from $150,000 to $250,000 to restore access to the affected software, Callow said, though demands and time limits vary from group to group.
“The attackers gain access to networks an average of 56 days prior to launching the ransomware — which is the point at which organizations finally realize they have a problem — so have had ample opportunity to examine the financials,” Callow said. “They usually even know how much insurance coverage organizations have.”