Date: 2023-12-13

What happened in Des Moines schools' ransomware attack? Technology director tells all
You may remember how a massive ransomware attack on Des Moines Public Schools in January exposed student data and put classes at a standstill.
Driving the news: Lisa Irey, head of technology at DMPS, is giving a behind-the-scenes look at what happened during a live webinar tomorrow.
Why it matters: Ransomware attacks nationwide are expected to get worse before they get any better, as professional criminal groups seek millions of dollars targeting critical infrastructure like hospitals and schools.
- The details behind the DMPS attack were shared in a Q&A with Heartland Business Systems earlier this year.
How it started: Irey was at home with their pregnant wife when they got a call from a network engineer saying: "Hey, just a heads up: we think something might be going on."
- "What we came to learn was that this was a massive, orchestrated, tactically engineered cyberattack against Des Moines Public Schools, one that sent shockwaves through the threat intelligence community due to the size and magnitude of the attack."
What happened: Within 90 minutes, the district decided to "pull the plug" and go offline, resulting in classrooms losing access to the internet and the school's network.
State of play: The attackers sought out data on student identities, which are some of the most valuable on the black market, due to their lack of credit histories, Irey said.
- The group of attackers, whose names Irey withheld during the Q&A, left a phone number for negotiations, but no one answered for two weeks. DMPS did not pay the requested ransom.
- School officials later learned this was the attackers' "swan song" and they broke up after the attack.
Zoom in: Trying to figure out the depth of the attack and how to respond to it became an all-in effort, involving the district's cybersecurity insurer, executive leadership and even the FBI.
- They worked together in a "war room" at a district building as it shaped up to be "one of the worst days ever," Irey said.
- Ultimately, some student data was compromised and school was canceled for two days in January until the systems could go back online.
The bottom line: The silver lining of the attack was the opportunity to redesign the district's network from the ground up and get rid of what was outdated.
- Rather than having a responsive relationship in the district, IT is now a part of the conversation, Irey said.
- The district invested $4 million into cybersecurity earlier this year.
