MINNEAPOLIS — Teachers and parents at Minneapolis Public Schools (MPS) say something weird has been going on with their technology.
Last week the school district told teachers and students to change their passwords and that the district was working to restore access to some of their computers, phones, and other technology.
After-school activities were also canceled Monday evening, but officials said they are back on Tuesday night.
The district called the situation an "encryption event."
KARE 11 asked MPS officials whether the school district’s computer network had been hacked, but officials so far will not confirm or deny it.
So, KARE 11 sought out advice from a member of the cybersecurity community to learn more about what may be going on at MPS.
"My guess is they're under a widespread ransomware attack,” Bryce Austin with TCE Strategy said.
Austin works on ransomware cases on a regular basis and said that based on the current situation at MPS, and the wording school district officials are using in their statements, he thinks it sounds like a classic example of a ransomware attack.
"When they say ‘encryption event’ I am strongly suspecting that someone has gotten into their systems and encrypted their data so the school districts can't use it, and now they're trying to extort money out of them to get it back,” Austin said.
Large companies and organizations are often targeted by cybercriminals, and Austin said large school districts are also frequently targeted.
"It happened to the LA school district last year. It happened to Tucson about a month ago. It happened to Nantucket just a few weeks ago. We see a lot of it."
And when it happens, the criminals are often looking for money, hence the term "ransomware."
In many cases, cybercriminals have literally stolen a school district's private information and demanded money to get it back.
"The last large case my company worked on, the initial demand was $8 million. I'm not at liberty to say what the payout was, but it was a seven-figure payout. It was over a million bucks,” Austin said.
"School districts are not known to pay out at the same frequency that a regular business does."
KARE 11 has asked Minneapolis Public Schools whether this case is in fact a ransomware attack and if they have received any demands for payment, but at this time the school district has not confirmed or denied any of the information.
Austin said that's not unusual in these kinds of cases.
"I have been through many of these sorts of events and the number of insurance companies or legal counsel that do not want companies to use the word ‘ransomware’ is really, really high,” Austin explained. "I don't think they're purposefully trying to hide things. I think they're in the middle of doing recovery."
Austin said most large businesses and schools have backup systems in place, but sometimes those systems are also connected to the same network that has been hacked.
In those cases, Austin said the attackers can easily get in and delete those backup systems, so the organization is forced to either pay the ransom to get their files back or have them deleted forever.
However, Austin said some organizations have their backup systems either offline or on a different network.
In those cases, he said an organization can usually retrieve their files from that backup system without having to pay a ransom to the cybercriminals.
“I’m hopeful that the Minneapolis Public School District has an offsite backup of their data. If they have that, they could be in the process of restoring right now," he said.
In a previous statement, the district did say there is no evidence at this time that suggests personal information has been compromised, but district officials said teachers and students were in the process of changing passwords just to be safe.
Watch more local news:
Watch the latest local news from the Twin Cities in our YouTube playlist: