Delano becomes latest Minnesota school district hit by ransomware attack

Classes were canceled in Delano, Minnesota, on May 20 after the school district said it suffered a ransomware attack.

Delano Public Schools Superintendent Matt Schoen says they discovered on May 19 that someone gained access to their system, printing out hundreds of pages throughout the district that just said the word "ransom" at the top, with a message that was otherwise encrypted. 

"This is real. We've determined that this was not anything that was done internally, a student involved or anything of the sort," Schoen said.

In an update on Friday, school officials said data from the district was "likely" stolen.

"We are actively reviewing what information may have been affected. If the forensics from the cybersecurity incident response team determines that personal information was involved, we will contact affected individuals directly with clear guidance for next steps," the district said. "However, our initial assessment shows that the potentially stolen data does not include student data or sensitive personal information such as Social Security numbers, driver's license numbers, bank account information, or medical information."

Officials added Friday that a student, artificial intelligence or a phishing email did not cause the attack and that investigators have identified how the attackers gained access, though they have yet to disclose who committed the hack or where the attackers are based.

Just last month, a hacker shut down schools in Spring Lake Park for two days. The hacker got into some systems and demanded a ransom. The school district said there was no evidence they accessed any personal information. 

WCCO spoke earlier this month with Bryce Austin, a cybersecurity expert with TCE Strategy. Austin says public schools are often low-hanging fruit thanks to outdated technology. 

"I think education really is in the crosshairs," Austin said. "Think of it as a car that was built before there were seat belts. It's hard to add that to a vehicle safely. It kind of needs to be built with that in mind."

Austin says the safety feature upgrades are often too expensive for school districts. In Spring Lake, a spokesperson says they are implementing "additional safeguards that go beyond industry standards," adding there's no evidence so far that stolen data was misused. 

In Delano, Schoen says their system worked as intended to keep the impact of the hack limited. 

"When that internet was shut down, they had limited access to potentially just internal servers. Not information that would include student information, staff information or Google account," he said.  

Schoen says authorities, including the FBI, are aware of the hack.

Delano students were back in the classroom on May 21. They used Ethernet cables to access the internet.