Suffolk County and Long Island University's Homeland Security and Terrorism Institute will host a cybersecurity summit next month in the aftermath of two local school districts being hacked this summer with a ransomware virus, officials said Tuesday.
The summit, to be held Oct. 16, was organized partly in response to the Rockville Centre school district paying nearly $90,000 in July to hackers who encrypted files on the system’s server until payment was made to unlock the information. The other district, Mineola, was corrupted by the same ransomware, known as "Ryuk," but the district did not have to pay a ransom to unlock data because it had everything backed up offline.
The invitation-only summit, which will include state and federal experts from industry, law enforcement, academia and government, will be held at the LIU Tilles Center in Brookville, Suffolk County Executive Steve Bellone said.
"The fact of the matter is that security breaches against local municipalities and school districts are becoming more frequent, jeopardizing critical data and controls that threaten the everyday lives of our residents,” he said.
The summit is expected to cover the cybersecurity threats local governments face, along with opportunities and resources that are available to school districts, towns, villages and counties to protect themselves.
Ransomware has threatened several large governments and schools throughout the country and is believed to be coming out of Eastern Europe, according to news reports. Ransomware is a malware that targets data and systems for extortion and is delivered through targeted phishing emails, according to the FBI. After the user has been locked out of the data or system, there is a demand for payment, the agency said.
The state Education Department sent a notice to all districts July 31 about a cybersecurity threat reported in four districts: Syracuse, Watertown, Lansing and Rockville Centre. Officials advised "educational agencies that believe they may be compromised/infected with ransomware" to contact several agencies, including the state's Division of Homeland Security and Emergency Services.
Earlier this month, Nassau BOCES hosted a closed cybersecurity summit in Westbury. Speakers included the Mineola and Rockville Centre superintendents, the FBI, Homeland Security and Emergency Services, the state Education Department and Nassau BOCES technology experts.
The viruses for both Rockville Centre and Mineola came in through emails with links or attachments and lay dormant for months before attacking the servers, officials said. State Education Department officials said another Long Island school district also had been hacked but declined to name the district Tuesday because officials have not yet notified residents.
Rockville Centre Superintendent William Johnson said his district’s technology systems, including telephones, emails and many files, were held for ransom. The district paid $88,000 in bitcoin via insurance to release the data, he said, according to a statement from BOCES. Johnson urged the other districts to review their insurance policies to ensure they have a high enough limit and that the policies cover ransom.
Some of the other actions districts were urged to take include: creating a disaster recovery plan and conducting drills; providing district staff with ongoing professional development about how to know if an email is real or fake; and developing a way to communicate with their community if their website and email are compromised by an attack.
“It’s not if your district will be attacked, it’s when,” Rose LeRoy, director of Educational Data and Research for the state Education Department, said in a statement.