Date: 2021-03-12

BUFFALO, N.Y. (WIVB) — The Buffalo Public Schools say they experienced a “ransomware event” Friday morning and are being assisted by the FBI to resolve the issue.

The district says no demands have been made at this point, though the FBI has advised that the ransom could range from $100,000 to $300,000 if and when a request is made.

As a result of the attack, remote learning was canceled Friday for BPS students.

The BPS IT department said it reached out to experts in the field who have experienced similar events for guidance. The district has confirmed the FBI is “engaged and assisting.”

Currently, the district’s IT team is working to recover “critical systems” for teaching and learning. Preserving critical data, minimizing “reinfection” and supporting the criminal investigation into this event are the top priorities, according to BPS officials.

Officials hope to determine the full scope of the issue over the next few days.

The district outlined the next steps it will follow:

Technical Next Steps for Recovery

-Office365, Teams, Infinite Campus, Munis, Schoology, Versatran, Blackboard, Clever, ATK2 (phone system) are identified critical systems for recovery.

-Validate the status of Office365.

-Validate the status of Tyler Munis (backup) and whether it can be restored in a cloud environment.

-Validate the status of Infinite Campus.

-Validate the status of Azure AD and whether it can be the primary source for authentication.

-Create a clean segmented network and restore to Cloud if possible.

-Restore authentication services.

Cyber Investigation Next Steps

-Superintendent approved an emergency contract with Grey Castle for cyber security investigation.

-The district’s Chief Financial Officer, General Counsel, and Director of Purchase were notified and agreed to the execution of the emergency agreement.

-Work with Grey Castle to collect initial investigative information.

-Install Carbon Black on all servers and endpoints.