Investigative report reveals what led to 2020 cyberattack on Baltimore County Public Schools


TOWSON, Md. — A newly released Inspector General's report reveals what led to a 2020 cyberattack on Baltimore County Public Schools.

Investigators closely reviewed whether the school system ignored prior warnings from the State Legislature to better protect its online networks.

The hack itself occurred on November 24, 2020, following a Board of Education meeting, forcing virtual learning to be suspended for multiple days.


It all started as an unsolicited email sent to a school worker. The email falsely claimed to be from a college representative with a phony invoice attached.

The worker thought the email was legitimate but still reached out to the IT department for assistance.

The IT department determined the email was suspicious and forwarded it to the school system's security contractor. The contractor then mistakenly opened the email on an unsecured domain.

In the report, the Inspector General said that was the catalyst which delivered the undetected malware into the network.

It turns out the hacker deliberately delayed the ransomware attack to avoid early detection. It took more than two weeks for the malware to infect the network and disable critical functions.

Although the Inspector General found that the school system generally followed security recommendations from state auditors, it did fail to relocate its publicly accessible database, which left network security inadequate.

Regardless, the malware in this case was delivered before the release of the legislature's audit in 2020, but long after a 2015 audit that raised similar concerns.

While the attack did not corrupt the school system's backup files, some sectors, including human resources and payroll information, were unreadable or damaged, complicating recovery efforts.

In the end, the school system decided to use a backup file that was approximately a year old and did not include personnel, payroll, or benefit revisions made before the cyberattack.

This did have some temporary impact on staff and retirees.

Since then, the school system has transitioned its essential network functions to a cloud-based environment and implemented various new security measures, including multi-factor authentication, firewall technology, and enhanced malware detection.

In total, recovery efforts have cost nearly $9.7 million.