CHS rises from the ashes in the wake of ransomware attack

Nov. 21, 2019. Most everyone in the Claremont Unified School District had presumed school hours long since passed. Yet unbeknownst to students, events were at play that would be hugely consequential in the coming months. Teachers were left similarly in the dark, but at 6:09 p.m., they received a telling message beginning with four chilling words: “District has been hacked.”

The news took CHS students and faculty by storm. While teachers had been notified in advance, students arrived at school the next day to hear of the cyberattack that they would come to know by the term “ransomware,” a type of malicious software that seizes control of a user or group’s data and requests a certain amount of money in exchange for the data.

The attack seemed relatively innocuous at first, but within the coming days, every device within the district with access to the internet was taken in by the CUSD Technology Support Personnel. The team sat, heads together, in the CHS office, surrounded by stacks of laptops that had yet to be swept. As they cleaned each device, the team worked to install the new anti-virus software.

CHS computers previously had strong virus protection software installed, but this virus was novel and could not be detected by CHS’s antiquated malware.

“CUSD did not do anything wrong,” Dr. O’Connor said. “This is a brand new virus. When it’s new, our malware can’t even look for it.”

All CUSD servers and on-campus internet were shut off completely as a safety measure to prevent the virus from spreading. Luckily for teachers and students, Canvas and Google applications remained unaffected. Attendance was taken by hand and manually sent to the office every day for each class period. Teachers were forced to adjust their lesson plans and lost all access to electronic gradebooks, preventing them from entering any grades. Some grades even disappeared from the gradebooks. In response to the virus, the CUSD school board created a link on a new server for students to access their grades.

Organizations like Yearbook, Wolfcast, and the Wolfpacket faced perhaps the most drastic consequences among students; due to the lack of server and computer access, these groups were forced to cancel issues, adjust deadlines, and even halt certain content production.

“Every deadline that we miss is around $6,000 extra for an extension, so we were worried,” CHS yearbook Editor-in-Chief Noga Levi said.

Luckily, Yearbook was able to slide past their deadline a day early by bringing their flash drives and computers home, dodging the insurmountable cost. Production of Wolfcast was also halted; the group was unsure how they would run the show going forward, since they lacked access to the computers. The team was unable to edit videos, and as a result, could not release daily news in their standard format.

“At the beginning, we were too caught up in not knowing what was going on,” Wolfcast show host and sophomore Mercer Weiss said. “We’ve learned a lot from this experience, though, like staying calm and filming things in advance.”

The Wolfpacket was also hit hard. Traditionally publishing ten issues a year, the group faced a dilemma in the publication of their fourth issue. Due to the lack of computer access, the Wolfpacket was unable to edit newspaper pages or access past documents as all of their data was stored on district servers. As a result, the staff decided to cancel publication of the fourth issue and instead publish timely articles online via their website and social media.

The cyberattack sparked a period of growth that provided lessons on adapting to change. In the future, these three student organizations aim to use the attack as a lesson to secure file storage. Yearbook plans to fastidiously back up all of their files on an external hard drive in case of another attack. Wolfcast made use of their void in workload by entering “Directing Change,” a film competition for youth in California. In competing, they were able to unite different groups on their team to produce videos on suicide and mental health awareness. The Wolfpacket utilized their break in publication to develop a more modernized format for their paper and improve the foundations for which future staff members can build upon. Ultimately, all of these organizations were able to overcome the cyberattack and will be better equipped to tackle problems going forward.

The ransomware attack has forced changes upon the entire district as it moves forward. Now, the district is mandated to change student passwords every 90 days. During the attack, the district also partnered with an external agency that will provide a report on what changes the district must make to prevent any future attacks from occurring. CUSD is lucky that it will face no major repercussions as a result of the ransomware attack, and the district will hopefully take this as a means to improve for the future.