While the topic of the coronavirus (COVID-19) pandemic took center stage during the Burke County Board of Education’s special meeting Monday, the board also received updates from Burke County Public School officials on the ransomware attack the system suffered on March 8.
According to Chief Technological Officer Melanie Honeycutt, the incident originated as an “Emotet malware and ransomware attack on the entire system,” and occurred through an email chain. The same Emotet malware attack could possibly have affected Durham County and the Interactive Medical Systems, according to an email received by Honeycutt.
Emotet is “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans,” according to the U.S. Dept. of Homeland Security.
Board member Seth Hunt asked Honeycutt what the estimated timeline was for being totally finished with the clean-up process.
“For us to be totally finished, you’re probably talking five weeks or maybe six (weeks),” Honeycutt said. “We’re hoping by the end of the week to have internet access at the schools. We’re hoping by Monday to have printers available. We have to put our hands on every single machine.”
The timeline is affected by the schools’ closures too, Honeycutt said.
Furthermore, Honeycutt assured the board that the attack is not affecting students’ ability to access online course materials from home. The school system is recommending teachers turn on WiFi hotspots if they wish to access the network at schools during optional work days.
“We have ClassLink,” she said. “They can see every single program that they have access to at the school at their homes.”
BCPS has been working with officials from the Microelectronics Center of North Carolina (MCNC), the internet service provider for public K-12, two-year and four-year institutions in the state. The school system also is coordinating with officials from the FBI, the National Guard, the North Carolina Department of Information Technology and SecureWorks — a company that works to respond to cyberattacks.
Honeycutt said use of Windows machines contributed to the spread of the malware.
“Fortunately for us, none of our sensitive data is stored on our servers,” Honeycutt said. “A Windows machine visits every Windows machine. Students in CTE (construction and technical education) classes haven’t been able to turn their machines on because they are Windows machines and they’re not clean yet.”
With this in mind, Honeycutt said she and her team are building “with the future in their thought process.”
She said she and her team are making a conscious move to more Chromebooks and Macbook machines and “are trying to move away from a Windows environment as much as we can.”
Part of this involves Virtual Local Area Networks (VLANs), custom networks that enable groups of devices from multiple networks to be combined into a single network.
“Bookkeepers will be in one place,” Honeycutt said. “Finance will be in one place. Data managers will be in another. All of our wireless arrays will be in one place. We built this as our foundation.”
All personnel records, financial records and student data are located in a remote server or network, called a cloud. Social Security numbers and student numbers were not compromised, according to Honeycutt.
The file servers at the school system’s 30 server locations were compromised, despite backups that were in place at Olive Hill Resource Center, Walter Johnson Middle School and the cloud, as well as content filters at its server locations.
Honeycutt said the restoration process involves cleaning each and every machine. There are 15,524 computer devices in the school system — a number which does not include Apple TVs, printers and interactive boards. Additionally, there are 1,400 wireless arrays throughout the school system, Honeycutt said.
“Could it happen again?” Honeycutt said. “There’s a possibility. I can’t say it would never happen again because I never said that it wouldn’t happen the first time. My team has tried to make sure that as we build this network, we build it with the future in mind.”
Still, Honeycutt assured the board that progress was being made.
“We do have all of our VLANs up,” Honeycutt said. “Our finance machines are up and running. We have a wireless working in (Olive Hill Resource Center) and we have a copier turned on in every school that’s available to run copies.”
Still, Honeycutt acknowledged that she and her team “have to continue to be diligent.” Along these lines, the school system will turn off remote desktop access to teachers, faculty and students.
“It could have come from anywhere,” Honeycutt said. “It could have come from remote desktop access. So by turning (remote desktop access) off, I think we’ll limit our chances of having any major issue happen again.”