Minneapolis Public Schools (MPS) has entered its third week of what it describes as an “encryption event,” where a ransomware group called Medusa managed to put in an encryption virus on the district’s servers. 

The virus, which locked MPS students and employees out of several systems for multiple weeks, was first noticed on Feb. 18. MPS reported that almost all systems were back online by Feb. 28, but some teachers inside the district said they were still unable to access their grade books or print documents from their computers at the moment.

MPS announced on March 7 that a number of the district’s data had been accessed through the encryption. Medusa is threatening to release the seized data to the general public on March 17 if their ransom of $1 million shouldn’t be met.

“MPS data that was shared and potentially accessed is currently undergoing an in-depth and comprehensive review,” the district stated in a March 9 update to its website. “This may take a while and individuals can be contacted directly by MPS if this review indicates personal information has been impacted.”

MPS has pledged to supply free credit monitoring and identity-theft protection services for anyone whose personal information was accessed. MPS recommends changing passwords on any accounts which have been used on an MPS device or network.

Local skilled hacker and cybersecurity specialist Ian Coldwater, who’s hired by firms to interrupt into their systems to assist find and shut vulnerabilities, says schools and hospitals are common targets of information breaches. 

“This shouldn’t be unique to MPS, and I wouldn’t even say it’s the fault of MPS, but what’s necessary for organizations to know is the way to reply to those things,” Coldwater said. In reality, school systems have change into prime targets for hackers, having breached the Los Angeles and Chicago school systems, amongst many others.  

“Ideally in this case, the district can be notifying people who find themselves affected immediately telling them that they were affected, what kind of information was exposed,” said the cybersecurity expert. “Since the district isn’t doing that straight away, it’s as much as all of us to take these measures to guard ourselves and to let other people know this is happening and how much measures they’ll take.”

Coldwater says encryption events often start with someone in a company clicking a phishing link from an email or text message. Phishing messages often spoof legitimate communications, comparable to telling victims their password must be modified, to get the recipient to click a malicious link.

Coldwater agreed with MPS that every one users should change passwords for any account that has been recently used inside the MPS network or any account that shared a password with an account recently used on the network. Coldwater also recommends using a password manager to create strong, unique passwords for each account, and activating two-factor authentication, which might require a user to approve all logins through an email, text message, or authenticator application.

Coldwater says that since data from the breach goes back so far as 1995, anyone who was a student or worker of MPS at any point prior to now decade should assume their data could have been affected.

 “Control your accounts, like your financial accounts and statements, for anything weird,” Coldwater said. “If you happen to get any fraudulent charges, if you have got people attempting to sign into your account as you, trying to alter your password, in the event you see anything weird, be sure to act on that immediately.

Coldwater recommends reporting any suspicious activity on financial reports to the institution that issued the report, and for people to freeze credit if anything looks amiss on a credit report.

Some in the neighborhood have expressed frustration with the hack.

“Why is such old data even being stored? It’s ridiculous. This might impact me 20 years after I left MPS,” said former MPS student Taylor Dahlin, who last attended school within the district in 2003 before transferring to Arts High School in Eden Prairie.

Coldwater says the perfect cybersecurity practice a district can have is to design its systems assuming they can be breached. One example of this might be to make use of student ID numbers somewhat than names on sensitive files, in order that a hacker would must secure each the files and an inventory of student IDs to get any identifying information.

“Know that this type of thing happens. You would talk over with your local school district and ask, ‘What type of measures are you taking? Try to be aware of this happening,’” Coldwater said. “And perhaps encourage them to bolster their security system and hope they take you up on it.”

Coldwater recommends talking to family and friends who could also be affected to be sure they’re aware of the hack, especially in the event that they don’t sustain with news through social media. Coldwater created a Twitter thread with detailed recommendations for those affected by the hack, which might be found on their profile, @IanColdwater.