Whitko Community Schools

June 12, 2024

On or around March 17, 2024, the Whitko Community Schools appeared to have suffered a network outage. This outage eliminated the ability to access critical resources on the network and rendered many of the district’s servers as unusable.

Originally it was determined that the incident was caused by a “brownout,” a scenario with changes in the power supply system that can damage systems.

The district worked with a third-party data recovery firm to help recover critical files. During the data recovery process, the third-party firm found indications that the incident was not caused by a brownout, but rather was the byproduct of a ransomware attack.

Ransomware is a malicious software, called “malware,” that denies access to computer devices or files until a ransom is paid. The district has not been contacted by the attacker or paid any ransom. Ransomware attacks do not necessarily result in sensitive information being stolen. 

To date, the district has discovered no evidence that impacted files, including PowerSchool, were stolen and believe the systems were taken offline before data could be stolen.

After discovering the outage was likely caused by ransomware, the district engaged a local third-party IT and security firm and the Multi-State Information Sharing and Analysis Center (MS-ISAC) to take steps to identify potential causes of the incident. The district has been working with both firms to enhance security of its network.

The district will continue to work with the third-party IT and security firm to provide any additional recommendations and security hardening to prevent an incident like this from occurring in the future.