BUFFALO, NY (WKBW) — All remote and in-person learning has been shuttered for Buffalo Public School children as the district deals with a ransomware attack.
“We feel very really heartbroken as an organization, that there's been a criminal attack on our system and our faculty and children,” declared Rachel Fix Dominguez, co-chair, Buffalo Parent Teacher Organization.
The ransomware attack on the Buffalo Public School system halted the return of another 5,000 students to in-person learning Monday, but it also shutdown all remote learning for thousands of children.
“We are so frustrated that this happens on the heels of such a careful — methodical planning process for a return to school,” Fix Dominguez responded.
“Are you hearing from other parents are they frustrated and concerned and worried about what learning will look like this week?”, Buckley asked.
“I think yes — they are concerned about what schooling will look like,” responded Fix Dominguez.
The district issued a letter Sunday outing an update for the school community. It stated it is "actively working with cybersecurity experts”. It also states “the district is making headway in restoring critical systems that support their primary function of teaching and learning.”
On Friday the district's Chief Technology Officer Myra Burden says they quickly worked to contain damage.
“As a preventative measure what we have done is disconnect our system from internet communication,” explained Burden.
The district says it was working Monday to “pressure test system restoration.”
“This is a process that takes time because you have to pressure test each of these systems and hope that they cleaned it all out and have good back ups,” said Arun Vishwanath, cyber security expert and Buffalo school parent.
The FBI is investigating, but the district says it does not know if any personal information was breached.
“If you're a parent out there and you've a child who's using the school system — I think we're protected from that and if you have any doubt — the first think to do — go off the internet — it stops the attack right at it's tracks,” Vishwanath noted.
As far as potential school system information that was breached, Vishwanath said it could an email server or something deeper.
“It could be something even more deeper. It could be class records — grade records — the grading book — people’s personal information,” described Vishwanath.
The FBI estimates a ransom attack could cost between $100,000 and $300,000, but so far the district says it has not been asked to pay.
“Does a district pay that out to clear this up?”, Buckley asked Vishwanath.
“Is there value in paying? I would say no — I think we should all be backing up our data — we should all be trained to have good cyber hygiene and I don't think we should pay ransom,” replied Vishwanath.
7 Eyewitness News reached out to the district for further comment, but a spokesperson says they could not say anything further at this time.
"Anything beyond what we have already said could jeopardize our efforts, now and going forward, to resolve the crime that was committed against us."
Elena Cala
Special Assistant to the Superintendent for Public Relations
Buffalo Public Schools
Fix Domniguez said while school families wait for answers, she has a message for parents.
“If we’re going to place blame — we need to do that to the criminals who attacked us,” Fix Dominguez said.
Monday evening the BPS district issued an update saying the staff has restored functionality of systems in "majority of buildings" following ransomware attack. However, students will remain home Tuesday. They will return to a full date of remote learning on Wednesday.