Skip to main content
Clear icon
28º

Franklin County Public Schools ransomware attack under investigation

FRANKLIN COUNTY, Va. – A local school district is back up and running after becoming a victim of a cyber attack. The threat forced Franklin County Public Schools to close on Monday.

Meanwhile, investigators are looking into where the ransomware attack came from.

“We don’t know the origins of the attack,” Christopher Cope, an FBI cyber task force supervisor said. “I believe forensics are still ongoing between the school district and state police and the FBI, they should have that information shortly.”

Cope said ransomware attacks are very common across the U.S. and can hit any kind of business or organization, not just schools.

“It’s a crime of opportunity that they’re identifying vulnerable systems,” Cope said. “Many times those vulnerable systems are unpatched or are no longer supported. Companies may have just poor cyber hygiene or vigilance from employees.”

Logan Diomedi is a member of Roanoke InfoSec Exchange, a group of local IT professionals, and he works for Depth Security. He said schools are often targeted in cases like this.

“These networks are typically quite large,” Diomedi said. “They’re not as locked down as like a bank network would be. They contain a lot of sensitive information, you know your children’s private information is in them.”

Diomedi recommends groups of all kinds stay vigilant following the attack.

“One thing that we see really commonly that gets us in are weak passwords,” Diomedi said. “Avoid using passwords like the name of the company, or the school district, or a season like spring 2023 or something along those lines, and then using multi-factor authentication on your accounts as well. Such as requiring a push code from your phone or a text message or something that verifies only you can log in.”

On Wednesday, school officials said they’re working with law enforcement to learn more about the recent incident.

Dr. Cobbs said the attack won’t have an impact on grades because those are stored in an off-site third-party managed system. She said all of the critical systems are running again.