Hermon School Department report ransomware attack

In early November, the Hermon School Department suffered a ransomware attack, discovered on November 5th. By November 6, the virus had spread to multiple servers, prompting an emergency shutdown to prevent further spread.

The attack's emergence was signaled by three events: a ransomware note on a school desktop, an interruption to the PowerSchool server, and staff inability to access critical servers. Additionally, a Windows 2003 server issue, unrelated to the attack, was identified.

The issue was addressed by IT company DNS Albany, focusing on PowerSchool, a provider of software and cloud services for schools. The PowerSchool application had a security flaw. The school was also running outdated and vulnerable software

While the attack's precise details are unclear, it is believed that directory information like names and addresses might have been accessed. A forensic expert is currently examining the situation, and legal guidance will follow on the necessary disclosures.

The number of affected individuals is not disclose.

The district did not engage with the ransomware group and did not pay any ransom. Normal school operations resumed by the morning of November 7th.