Virus takes down Lynbrook school computers

In the wake of two cyberattacks on the district’s computer systems — one successful and one unsuccessful — Lynbrook school officials announced at the Feb. 13 Board of Education meeting that they were searching for ways to make the district’s network more secure.

The first attack occurred in early January, when the district’s payroll manager — whom the district declined to identify — received a suspicious email, Superintendent Dr. Melissa Burak said. The email, which appeared to have been sent by Burak, asked her to click on a link to transfer a direct deposit check to a bank account in the Midwest, according to Burak. Fortunately, Burak said, she did not click on the link.

Then, a few weeks later, an unknown employee clicked on a fraudulent link, which spread a virus called Emotet Trojan to all of the district’s desktop computers. The virus searched through saved password files in an effort to hack into employees’ bank accounts, and copied their email addresses in order to spread even further.

“There are cyberterrorists in this world, and they’re not good people,” Paul Lynch, the district’s assistant superintendent for finance, operations and information systems, said at the Feb. 13 meeting. “Their goal is to steal your money and to steal your computing time.”

The good news, Lynch added, is that the district’s network is “incredibly stable,” so the virus only affected its desktop computers, and teachers were able to continue their instruction with the district’s laptop program. In fact, Lynch said, teachers at the two middle schools “didn’t miss a beat” during a period of almost two weeks when the desktops were out of commission, because the teachers could project their lessons to the screen from their laptops. He also said that no data was compromised by the attack.

Over those two weeks, the district’s technology team worked 14 or more hours a day — including weekends — to eradicate the virus without turning on the desktop computers out of fear of re-infection. And even now that the virus has been deleted, Lynch said, it is continuing to send out emails that appear to come from a district official to people whose email addresses were saved on the desktop computers.

On Jan. 24, Burak warned residents on Facebook that they might receive a suspicious email from district employees. “If this email contains an attached file or link that is labeled as an ‘invoice,’ simply delete the email,” her post read. “Do not open the attachment, do not click on the link, do not respond. This is to safeguard your home devices.”

According to Lynch, hackers have “weaponized” the viruses that spread in the early 2000s to “make them more virulent” and able to rewrite themselves in real time to adapt to various firewalls.

Therefore, he said, the district needed real-time defenses. It has switched to a new email system with an upgraded filtering program, and the Lynbrook.k12.ny.us email server has been disabled. When students return to school next week from winter recess, every district official will have a Lynbrookschools.org email address using the format firstname.lastname@lynbrookschools.org.

When Trustee Ellen Marcus mentioned that, at her office, the administration could send out fake phishing emails to see which employees might click on fraudulent links, in order to warn them not to, Lynch replied that the district’s new email system would also have that capability. “When you click,” Lynch said, “I will know that you clicked and you will be therefore addressed appropriately.”

He added that everyone in the district would have to go through “serious cybertraining,” but said, “Our staff has been made well aware that they should not be clicking on links if they don’t know where they’re from.”

Additionally, Lynch said that the district would issue a request for proposals for a new firewall system over the summer, and would be adding more laptops with built-in projection devices in the district’s proposed 2019-20 school budget.