Hackers still owning parts of OKCPS network? District won’t say – Updated

Last Updated on May 19, 2019, 8:52 AM | Published: May 17, 2019

Five days later questions remain about the condition of the Oklahoma City Public Schools digital network that handles all business, grades, and internet service to students, faculty, and staff.

District IT staff and third-party consultants are planning to spend Friday evening through the weekend to recover the district’s digital network after a damaging ransomware attack.

The attack comes at a difficult time of the year as the largest district in the state is preparing for teachers to upload grades and other critical data.

Limited information

After pressure from Free Press and a few other news outlets, plus repeated questions from parents of OKCPS students, district spokespersons issued a news release at 4:16 p.m. Friday.

The latest one-paragraph statement does not make clear if district staff are back in control of the network or if the attackers still have control of parts of the network.

The statement said, “IT Teams are being deployed tonight and over the weekend to scan and assess our more than 11,000 devices.”

Parents who are known to Free Press but wished to remain publicly anonymous told us similar stories about the situation in the classrooms after the network being down all week.

All said their children came home with stories about how they were not able to do the usual learning activities that require access to the Internet.

Teachers have told us that they are keeping records by hand on paper due to the network being off line.

Since Monday

The network was taken down at 4 P.M. Monday to isolate the network from the Internet after district IT staff detected a malware attack underway that morning.

Then, Tuesday, at 5:22 p.m., an email was sent to the media that said, in full:

OKCPS continues to address the recent ransomware attack. We are grateful to our staff for their flexibility and for continuing to put students first as our IT Services Teams work with our third-party experts to resolve the issue. OKCPS will provide updates when we have significant progress to report. We appreciate the community’s patience as we respond to this matter.

That was the first time the term “ransomware” was used in a statement by the district.

The district’s website landing page is functional, but little else is known about the internal network the district uses for its work.

Free Press has continued to ask the district for updates throughout the week only to be referred to the Tuesday email.

This morning, Media Relations Manager Arely Martin responded to our requests saying that they planned to send another statement today. No time estimate was given.

Free Press will continue to monitor this situation.

Ransomware

“Ransomware” is a sub-category of the more general term “malware.”

One digital security company, Trend Micro, gives this definition of ransomware on its website.

“Ransomware: A type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid.”

In Tuesday’s OKCPS email, the use of the term “third-party experts” is likely a company that is paid to help an organization recover from such an attack.

Two industries have risen as the software and methods of ransomware attacks have become more sophisticated: one that resources the hackers and the other that helps organizations defend against the attacks.

Trend Micro reports that there has been a rise just this month in ransomware attacks “against large corporate networks and workstations in the United States, Canada and parts of Europe.”

The attacks are being made with a new, more powerful ransomware the security industry is calling “MegaCortex.”