Ransomware attacks have struck public school districts in New Mexico, but are New Mexico State University departments able to prevent or operate against such hack attacks?
NMSU Chief Information Security Officer and Information Technology Enterprise Director John Roberts, explained how a ransomware attack can occur.
“Someone is prompted a link that causes them to be infected or to give away their credentials either voluntarily by logging in to what looks like a login to the institution and they that person’s credentials or network so they can begin encrypting all the data stored on your device. They put your credentials and data for ransom and if you don’t pay you lose all your data,” Roberts said.
Roberts said the Federal Bureau of Investigation suggests people do not comply with the ransom.
A ransomware attack on the Las Cruces Public School District caused a manual scrub of 30,000 devices district wide. Samantha Lewis, public relations coordinator for LCPS, said the attack happened on the morning of Oct. 29.
“Computers were hacked and thankfully we had a system in place so that we were able to recover all of the systems. In order to make sure that this doesn’t happen again. It was necessary to clean every computer owned by the school district,” Lewis said.
Lewis said the process involved going through each computer and backing up all the data — documentation, policies and regulations — so they would not be lost. Once backed up, the computer can be reimaged.
According to KFOX14 News, the Gadsden Independent School District’s email services were also shut down on July 16 due to a ransomware attack. Sandra Galindo, a sixth grade teacher at Riverside Elementary in Sunland Park, described the effects of the ransomware attack as bothersome.
“I wasn’t able to access my account at school or at home, so I had to depend on my colleagues for information. It took the district four weeks to correct the problem, I didn’t receive important information and because I didn’t realize administration didn’t know I had issues, I went weeks without getting important information,” Galindo said.
Roberts said NMSU has more resources than the public school districts that were attacked if any system on the campus were hacked. However, since there are multiple systems around NMSU, he said there are certain smaller departments in a large college that lack proper IT support.
“Art and Sciences has some smaller departments in it. They really lack IT support and ICT provides them with support but those require a fee. In general, the computer users are on their own to backup their own equipment. We don’t, the university as a whole doesn’t backup any user devices, we offer those services for a fee,” Roberts said.
Roberts said in order to prevent hackers on their personal computer, students should keep their computers tightly secure with passwords, and backup important files through Office 365, which NMSU provides, or external devices.
“Another way would be having a jump drive, just dump all the files that you would not want to lose. Also, it helps to make sure your computer is tightly secure with a password, just in case if you leave in a Starbucks or something like that. In NMSU, we make you have a 17-character password for those cases and you should use the same thing to protect yourself,” Roberts said.
NMSU sophomore Karla Draksler said if the university was not prepared for a ransomware attack, it could lead to problems for students.
“I believe that if we are not prepared for a situation like that many students would suffer because we all have our information uploaded on MyNMSU accounts. So, even if someone didn’t manage to get something useful from the admissions, financial aid and office software. They could still pull info such as home addresses, phone numbers and family member’s names from MyNMSU accounts,” Draksler said.