Minneapolis schools mum on IT issue, while expert says it's a likely attack

Minneapolis Public Schools continues to investigate what it's calling an "encryption event" that caused problems with its IT systems last week.

Driving the news: There's a wide belief among parents and teachers that MPS was the latest victim in a surge in cyberattacks on school districts across the country, but MPS declined to confirm or deny a hack when asked by Axios.

State of play: Several MPS systems, including internet, phones, cameras, badge access and building alarms, were affected last week.

Yes, but: MPS said on Friday that many of them had been, or would soon be, restored to full functionality as students returned to class yesterday.

Why it matters: Cyberattacks can often disrupt school for several days, but MPS appears to have avoided the worst of it.

Reality check: Twin Cities-based cybersecurity expert AJ Nash of ZeroFoxsaid "encryption event" appears to be a euphemism for a ransomware attack — in which hackers shut down the school's IT systems and ask for payments that are often five or six figures.

• Districts typically don't pay the ransom (as the FBI suggests) and instead spend several days clearing out their systems and reloading with backups. That's what MPS appears to be doing, Nash said.

Between the lines: If it were a ransomware attack, the hackers picked a bad week. Classes were out for Presidents Day on Monday and parent teacher conferences on Tuesday, and students went to e-learning Wednesday through Friday because of snow. Systems that students used for e-learning were not affected.

• It's not clear how much the issues played a role in MPS' decision to cancel in-person learning. Some other metro districts returned to in-person learning on Friday.

Threat level: MPS suggested students and teachers change their passwords last week "out of an abundance of caution."

• MPS said there's no evidence their personal information was compromised.

Of note: Nash said the district asking families and staff to change their passwords indicates MPS doesn't know for certain if personal information has been accessed.

• He suggested people should be vigilant about unusual texts and emails for the next four to eight weeks.

Zoom out: Schools have been near constant ransomware targets for years due to IT budget constraints and a lack of dedicated resources, Axios Codeboook's Sam Sabin writes.