You may remember how a massive ransomware attack on Des Moines Public Schools in January exposed student data and brought classes to a standstill.
Driving the news: Lisa Irey, head of technology at DMPS, is giving a behind-the-scenes look at what happened during a live webinar tomorrow.
Why it matters: Ransomware attacks nationwide are expected to get worse before they get any better, as professional criminal groups seek millions of dollars targeting critical infrastructure like hospitals and schools.
The details behind the DMPS attack were shared in a Q&A with Heartland Business Systems earlier this year.
How it started: Irey was at home with their pregnant wife when they got a call from a network engineer saying: "Hey, just a heads up: we think something might be going on."
"What we came to learn was that this was a massive, orchestrated, tactically engineered cyberattack against Des Moines Public Schools, one that sent shockwaves through the threat intelligence community due to the size and magnitude of the attack."
What happened: Within 90 minutes, the district decided to "pull the plug" and go offline, resulting in classrooms losing access to the internet and the school's network.
State of play: The attackers sought out data on student identities, which are some of the most valuable on the black market because students lack credit histories, Irey said.
The group of attackers, whose names Irey withheld during the Q&A, left a phone number for negotiations, but no one answered for two weeks. DMPS did not pay the requested ransom.
School officials later learned this was the attackers' "swan song" and they broke up after the attack.
Zoom in: Trying to figure out the depth of the attack and how to respond to it became an all-in effort, involving the district's cybersecurity insurer, executive leadership and even the FBI.
They worked together in a "war room" at a district building as it shaped up to be "one of the worst days ever," Irey said.
Ultimately, some student data was compromised and school was canceled for two days in January until the systems could go back online.
The bottom line: The silver lining of the attack was the opportunity to redesign the district's network from the ground up and get rid of what was outdated.
Rather than having a responsive relationship in the district, IT is now a part of the conversation, Irey said.