Peel District School Board struggles with fallout from malware attack, leaving parents, teachers in the dark

·4 min read

The Peel District School Board is still unable to say when several of its key online resources will be back on track after they were hit by a malware attack that continues to paralyze a string of databases.

Last week, the board told staff in an email, the malware “resulted in the encryption of certain PDSB files and systems,” and after it was discovered, the board “took immediate steps to isolate the incident.”

The risk posed by unknown hackers is creating unease among the unions representing elementary and secondary school teachers, who claim they have been kept in the dark, and received just the most sparing details about the type and scope of attack more than a week since the board first admitted it was facing a “cyber security incident.”

Speaking to the Star Thursday, board spokesperson Tiffany Gooch said a cybersecurity firm, hired by the board has made significant progress in both the investigation and recovery efforts, but couldn’t say exactly when the systems would be back to normal.

“We hope to be able to provide a resolution timeline in the next few days,” said Gooch.

“We can confirm that the incident involved encryption malware.”

Gooch wouldn’t say if the hackers have attempted to extort the board by seeking payment to unlock the seized data portals, but she did say there is “no evidence that any personally identifiable or otherwise sensitive data was compromised because of the attack.”

Gooch was unable to say how the incident occurred and who might be responsible. These are things she says she hopes the continuing probe will reveal.

Of equal concern to the union is that the board faces this logistic hurdle in the days leading up to students’ anticipated return to the classroom for in-person learning the week of Feb. 16.

Representatives from both unions say the board has provided links for back-channel access, so some tasks can be completed.

The board remains partially locked out of the intranet used by staff because some functions cannot be accessed.

She said the malware has not affected virtual classrooms, but it did wipe out the website and with it applications accessed by families.

As a result, the board extended deadlines for Grade 1 French immersion applications, Grade 7 extended French applications and Elementary Regional Learning Choices Programs applications.

It has also temporarily delayed acceptance offers for the Secondary Regional Learning Choices Programs (RLCP).

“Report cards for secondary students will be delivered on time, however, report cards for elementary students will be delayed by several days,” Gooch said.

While payroll has not been affected, the application used to generate and store paystubs is temporarily offline, Gooch said.

Ryan Harper, acting-president, of the Peel branch of the Ontario Secondary School Teachers’ Federation, says the board has been very “quiet about this,” and whether hackers are threatening to publish the victim’s data or block access to it.

“Our teachers are not reassured,” said Harper. He added that some teachers have received Google notifications that their passwords have been compromised.

Students are also expected to verify that they don’t have symptoms of COVID-19, via the website, before in-person classes.

“That’s going to be really hard to do with the website being down,” said Harper.

He said the trip up will affect teachers’ ability to provide the wealth of feedback on student performance that they would under normal circumstances.

Gail Bannister-Clarke, president of Peel Elementary Teacher’s Local, says there has been frustration and confusion among staff and parents alike.

“The board didn’t send out any messaging to say this is what we’re experiencing,” Bannister-Clarke said. “There was a lack of communication.”

Gooch conceded the malware has affected communications channels and the “board apologizes and continues to thank the community for their ongoing patience.”

Peel Regional Police had no new information to share about the status of their investigation.

Brett Callow, a threat analyst with cybersecurity firm, Emsisoft, said the Peel attack has the hallmarks of ransomware, where the cyber criminals intend on gaining something, often money, from encrypting the board’s files. All computerized systems can be targetted, as seen in the board case, he says.

“They very often steal a copy of the data, too, and, if the victim doesn’t pay, they start posting that data on the web,” Callow said. “It is, effectively, double extortion.”

The attack on the board comes on the heels of an investigation into a rash of NetWalker ransomware attacks, which led to charges against Sebastien Vachon-Desjardins of Gatineau, Que.

Vachon-Desjardins was charged in connection with illegally obtaining more than $27.6 million, the U.S. Department of Justice said last month.

The accused is alleged to be part of a shadowy group of cyber criminals who have attacked several targets in Canada, including the College of Nurses of Ontario, a Canadian Tire store in B.C., and the Northwest Territories Power Corporation.

—With files from The Canadian Press

Jason Miller is a Toronto-based reporter for the Star covering crime and justice in the Peel Region. His reporting is funded by the Canadian government through its Local Journalism Initiative. Reach him on email: jasonmiller@thestar.ca or follow him on Twitter: @millermotionpic

Jason Miller, Local Journalism Initiative Reporter, Toronto Star