Evanston Township High School was closed Monday and Tuesday after a targeted ransomware attack disrupted the school’s computer infrastructure, internet services and other electronic systems.
All summer school classes, camps and additional campus activities have been canceled for at least two days, according to a statement issued June 7 by District 202 officials on its website.
When the district became aware of the cybersecurity incident, it immediately activated its emergency response procedures and contacted its “external cyber breach attorneys and cybersecurity forensic experts” to assist with the investigation and recovery process, the statement said.
“We are working with these specialists to determine precisely what information may have been accessed or acquired and to restore normal systems operations as quickly as possible,” the statement said.
Officials also said the district is cooperating with the FBI on an investigation into the breach.
“At this time, the investigation remains ongoing, and we do not yet know the full scope of what data may have been impacted,” ETHS Director of Communications Reine Hanna said on behalf of the district in a statement to the Pioneer Press.
“The district is working with cybersecurity forensic experts to determine what information, if any, may have been accessed or acquired. The district has not yet determined how exactly the breach occurred.”
Hanna added that the school closure was “necessary because the incident has affected systems that are critical to safely operating campus,” including network and internet services, phone services and other emergency systems.
“Without these systems fully operational, we cannot safely run school or other on-campus activities,” she said.
Officials do not know when campus will be able to reopen, Hanna said, but expect to make a determination within the next 24 hours based upon the “progress of the investigation, system restoration and confirmation that ETHS can safely resume operations.”
“We will communicate updates as soon as we are able,” she said.
As a result of the incident, staff many not have access to email and ETHS families may not be able to use certain online tools or school accounts, including the Home Access Center. Staff is being told to work remotely for the next few days unless instructed otherwise by their supervisor, officials said.
Staff do not currently have access to their district Google accounts or other network systems, according to the ETHS website.
“We understand this situation is disruptive and appreciate your patience and flexibility,” officials said. “Additional updates and instructions will be provided as they become available.”
The cybersecurity incident comes in the wake of a mass global cyberattack on the Canvas online learning system in May, affecting the ability of several thousand universities to distribute course materials, publish assignments and conduct virtual learning.
The University of Illinois at Urbana-Champaign was forced to postpone final exams and assignments for students as a result. Northwestern University in Evanston was also affected by the attack.
A hacking group called ShinyHunters claimed responsibility for breaching the Canvas system, according to published reports.
A cybersecurity expert said the hackers later posted that “9,000 schools worldwide were affected, with billions of private messages and other records accessed.”
Canvas’ parent company Instructure later reached an agreement with the hackers to have the data returned, along with digital confirmation of the destruction of the stolen data. Instructure did not disclose the financial terms of the deal or confirm whether or not a ransom payment was made.
