Early in the morning of Aug. 9, Blue Valley Chief Information Officer Brian Daley said he began receiving word from Blue Valley School District personnel saying they were unable to connect to Blue Valley School District network resources. After investigating the matter, Daley said his team discovered the problem to be an aggressive virus, which breached the BVSD’s network and began spreading.
With the diagnosis made, Daley said he and his team began to combat the problem. Luckily, Daley said, all BVSD employees were required to attend an event called “Rally in the Valley” at BVW that day. Daley called the event a saving grace, as no employee was connecting to the Blue Valley network, which would have allowed the virus to spread. Having everyone off and away from their computers stopped the virus in its tracks.
“That happened to be the day where everybody was at the Rally in the Valley event. So, all our staff and employees were over at Blue Valley West getting ready to celebrate the start of the school year,” Daley said. “Which in a way kind of helped us, because everybody was off the network at the time. [Rally in the Valley] allowed us to secure what we needed to, isolate what we needed to, while everybody was occupied.”
According to Daley, the virus, which only targeted personal computer (PC) devices, was able to infiltrate the Blue Valley network by means of social engineering. One example of this is a spoofed email, which Daley confirmed a BVSD employee fell victim to, allowing the virus onto the network.
In a typical ransomware hack, Daley said, the perpetrators lock up an organization’s files when an employee logs into the organization’s network. With control over the organization’s files, the perpetrators will send a message to someone inside the organization asking for a ransom to free up the files. Daley likened these tactics to a modern-day Mafia.
“To do some of the same things that you saw maybe Mafia doing in the past, it’s just a new form to shut down businesses,” Daley said.
As with any Mafia-type organization, a ransom demand to free up the organization’s entities would surely follow, but, according to Daley, the Blue Valley School District received no such demand. This was because, Daley said, he and his team filed abuse letters in order to shut down the Internet Service Provider (ISP) through which the perpetrators hacked. With these letters filed, the ISP was shut down, according to Daley, and the connection between the perpetrators and the Blue Valley School District was severed before a ransom request could be issued.
“We were able to locate where it was coming from. We were able to send out abuse letters to the ISP providers they were using, they were able to sever the tie [to] their network operation,” Daley said. “At that point there was nothing communicating with this particular piece of malware.”
The Blue Valley School District chose not to involve law enforcement, as Daley said this would mean surrendering the investigation over to the authorities. Since the BVSD chose not to confront the perpetrators and pay the ransom, coupled with the connection between the two being severed, Daley said there was no need to involve a policing body.
Once the connection was severed, Daley said he and his team were then able to distribute endpoint security to all affected devices in order to recover the locked information. In all, Daley said the outage lasted four days, ending on Monday, Aug. 12.
Despite wrapping up the network outage before students started school, Nicholas Deffer, the Technology Integrations Specialist at BVNW, said the effects from it could still be felt. According to Deffer, multiple servers were affected by the virus, including Synergy, the main information center for teachers and students alike. With Synergy experiencing problems, Deffer said the central nervous system of the District was compromised, leading to other systems being shut down.
“Since multiple servers were impacted by the hack, a lot of the processes that sync a lot of the parts of our system got messed up. Like Canvas syncs from Synergy every night, so that wasn’t happening for a while, so [the District] got that fixed,” Deffer said.
Part of the continued problems seen with connecting to the Blue Valley network after the network outage was solved, Daley said, was also due to the District choosing to separately shut down some systems in order to strengthen its security in the event of another cyber attack. Despite taking more time to strengthen these systems, Daley said all of these systems were up and running, except for ParentVue and StudentVue, by the first day of school for students on Aug. 15.
With the pair of systems being compromised heading into school, parents were unable to pay lunch money and students were unable to check their schedules online. Although student schedules were released on Aug. 5, some students were unable to view their schedules until the first day of school for a variety of reasons. One such student affected was senior Sally Vo.
“I was out of the country like the whole summer,” Vo said. “I got back a week before school started, so I couldn’t get my schedule.”
Vo said she received her schedule on the first day of school, in a print version.
Principal Amy Pressly said BVNW wasn’t planning on printing schedules for students for the 2019-20 school year, but with problems connecting to ParentVue and StudentVue, Pressly said they decided to rescind that idea.
Since the virus only targeted PC devices, Pressly said the BVSD was fortunate to have undergone the one-to-learner laptop initiative the year prior in an effort to reduce the reliance on PC devices. In addition, Pressly said BVNW was even more fortunate as the school took out over 700 PC devices over the summer, leaving the virus to have a minimal impact.
Of the few departments at BVNW still reliant on PC devices, the business department has had a difficult time due to the virus, Pressly said. Matthew LeCount, who teaches in the business department at BVNW, said for the first week or so his class was unable to even utilize computers. In addition, even with being able to use computers after the first week, LeCount said his classes have been unable to use the software required to conduct the class.
In light of these difficulties, LeCount said he’s had to get creative on how to instruct his classes. He is teaching Software and Game Design, Web Design and Honors Java this semester.
“I have my students working on a web-based program, CodeHS, so they are getting some background in HTML,” LeCount said. “Even though we’re not developing the webpage, they’re getting a taste of that, so when they do develop webpages, they’ll be able to do stuff a little quicker.”
Recognizing that the post-network-outage effects haven’t just been hard on himself, LeCount said he still worries that not being able to utilize the necessary software for his classes will affect how his students view the class.
“It’s required an adjustment by everybody, and I realize that it hasn’t just been hard on me, but it has been a challenge,” LeCount said. “It may impact what students think of the class. Because, until they really get into the software, they won’t know what the course is like.”
Despite causing problems for himself, LeCount said he agreed with the school district’s decision to reinforce parts of the network by taking them down.
“If they rebuild it in a proper way to prevent this from happening again, that would be worth it,” LeCount said. “Even if we are without technology for a little bit, it will probably be worth it down the road.”
In spite of the network outage’s impact on the Blue Valley community, Daley said he wanted to thank everyone for their patience while his team dealt with the matter.
“I’m just glad everybody was patient through this, you know, our staff, our principals, teachers and students were patient. [They] allowed us the gift of time to get through this. We came out stronger in the end with some added defenses,” Daley said. “I think we’ll have a good rest of the school year.”