Pembina Trails School Division confirms cyber attack

Hey there, time traveller!
This article was published 03/12/2024 (380 days ago), so information in it may no longer be current.

Pembina Trails School Division has confirmed it was hit by a “cyber security incident” Monday that has resulted in some of its systems, including phone lines, being taken offline.

In a letter to staff and parents, Supt. and CEO Shelley Amos said the division’s network system was still down as of Tuesday afternoon.

“We can confirm this is a cyber security incident,” she wrote in the letter, which was shared with the Free Press. “Pembina Trails took immediate steps to secure its network, which included making a variety of services unavailable.”

Pembina Trails staff were informed Tuesday the division had been hit by a ransomware attack, an education source told the Free Press.

The source said staff were informed the division was still working on a fix.

Pembina Trails did not reveal the specific nature of the “cyber security incident,” nor whether any personal data may have been exposed.

Amos said the division was restoring interrupted services, investigating the incident and “better understanding” its impact.

Outside experts were brought in to investigate.

“We are working with a cyber security management firm specializing in this type of critical incident,” Amos wrote.

“On a positive note, we have been able to restore phone lines in all but one of our schools and anticipate that all school phones will be functioning by the end of (Tuesday).”

The division said Monday that “unusual activities” were detected in the network system by Pembina Trails’ information technology staff that morning.

Schools remained open and classes continued.

“As mentioned previously, our intention is for classes to continue and to minimize the impact on learning,” Amos wrote Tuesday.

“Once again, please be alert for any unusual activities or suspicious content on our network systems. Do not open or click on any links you do not recognize. Do not reply to any messages that are suspicious or unsolicited. Promptly report them to your immediate supervisor.”

“We’ve become completely dependent on these systems and when they’re down, most things come to a halt.”

Amos told staff and parents the division will provide regular updates on its progress.

“We appreciate your patience. Be assured that resolving this incident is our top priority,” she wrote.

Amos wasn’t made available for an interview Tuesday.

Pembina Trails has about 16,000 students at its 36 schools in southwest Winnipeg.

Administration assistants were most affected by the outage, leaving them without computers, clocks and intercoms, the education source said.

The outage will make future lesson planning difficult, they said.

“We’ve become completely dependent on these systems and when they’re down, most things come to a halt,” they said.

Cyber security experts have warned of an increase in attacks in recent years.

Carmi Levi, a technology analyst and journalist based in London, Ont., said Pembina Trails’ situation followed a “depressingly familiar trajectory.”

“(It) reflects a growing realization within the cybercriminal community that schools, school boards and other public-facing institutions like government agencies, health-care networks, libraries, and others make for highly desirable targets,” he wrote in an email.

Those institutions are targeted because they are responsible for huge volumes of data, which is the currency of cyber crime, from a diverse set of people, Levi wrote.

He said Pembina Trails deserves to be lauded for quickly responding to the incident and providing updates to the public.

Levi said organizations tend to divulge limited information in the early stages, when attacks are typically ongoing and too much information could allow attackers to do more damage in the interim.

“The district will ultimately have to share specific guidance on what exactly happened, what’s being done to recover from this event, and what steps will be taken to harden its systems, staff, and students against future attacks,” he wrote.

“Every cyber attack offers up ample opportunities to learn and re-prioritize, and the school district will have to focus on assuring its community that it is learning from this experience, but is also applying those learnings to minimize future risk.”

The University of Winnipeg was paralyzed by a cyber attack in March. Personal information of students and staff was among the data stolen in the attack.

A number of school divisions in Canada, including Toronto District School Board, have been targeted by ransomware attacks in recent months.

“If you look at the technology infrastructure of the typical school board, it will manage diverse sets of technologies, platforms, and solutions. There are lots of ways in, and lots of vulnerabilities to exploit,” Levi wrote.

He said public-facing and funded organizations in Canada don’t direct enough of their IT budgets toward cyber security and training, leaving them vulnerable to attacks.

Ransomware is a type of malware that infects a network and denies a user’s access to files or systems by encrypting files. Attackers deny access and demand money for access to be restored, the Canadian Centre for Cyber Security says.

Phishing emails, which are disguised as being from trustworthy senders, are one of the most common ways attackers trick victims into clicking on links or downloading malware.

chris.kitching@freepress.mb.ca