News

UPDATED: Vergennes-area schools hit by ransomware cyberattack

“Protecting the privacy and security of our students, families, and employees is a top priority, and we are taking every precaution to safeguard data and restore systems promptly.”
— Superintendent Sheila Soule

This story has been updated since it was first published on January 7.

VERGENNES — The Addison Northwest School District on Tuesday morning identified what ANWSD Superintendent Sheila Soule called a “cybersecurity incident.” The attack locked district officials, teachers and other employees out of servers and shut down internet service in all three district schools and its central office.

In a text message exchange with the Independent on Wednesday morning Soule confirmed the incident was a “ransomware attack.”

According to fbi.gov, “Ransomware is a type of malicious software — or malware — that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return.”

Soule also confirmed the FBI is among law enforcement responding to the attack.

“The matter is being investigated by the FBI who has familiarity with this specific threat and the entity involved,” she wrote.

But, she added, the FBI doesn’t have the key to unlock the malware.

“We will restore the servers from backups,” Soule said.

That process will take time, she wrote, and in the meantime she also confirmed it remains unknown how much district data was misappropriated.

Cybercrimes like this one are not unheard of in Vermont.

The University of Vermont Medical Center was hit by a ransomware attack in 2020 that cost the hospital millions of dollars and limited operations for weeks. Last February, a Ukrainian man pleaded guilty to a role in this cybercrime.

In late 2023, the Milton Town School District was the target of a ransomware attack.

In a Tuesday morning email to the ANWSD staff and families, Soule wrote, At this time, we are actively investigating the extent of the incident to determine what information, if any, has been affected. Protecting the privacy and security of our students, families, and employees is a top priority, and we are taking every precaution to safeguard data and restore systems promptly.”

On Wednesday, she told the Independent, “Once servers are restored, our priority will be assessing any potentially compromised data, which will take time. After that, we’ll provide updates to staff, students, and families about what was affected and next steps.”

Upon discovery of the cyberattack, Soule wrote on Tuesday, “ANWSD immediately initiated its incident response protocols, which included isolating affected systems, engaging cybersecurity professionals, and notifying law enforcement. These steps were taken to ensure a thorough investigation and to secure our digital environment.”

Soule’s email also contained recommendations for ANWSD staff members and families “out of an abundance of caution.”

Those included suggestions that all should monitor their accounts and devices for “unusual activity,” including:

• “Receiving emails or messages requesting sensitive information, such as passwords, Social Security numbers, or financial details.

• Unauthorized charges on credit or debit cards.

• Notifications of login attempts from unfamiliar devices or locations.

• Accounts being locked or requiring password resets unexpectedly.

• Receiving phishing emails or messages that appear to come from ANWSD or other trusted sources.”

Soule recommended those who notice any of these signs “take immediate action to secure your accounts, such as changing passwords, enabling multi-factor authentication, and monitoring your credit.”

Soule pledged further updates as more became known.

“We understand the importance of transparency and will continue to keep our community informed as we navigate this situation. The safety and trust of our community are paramount, and we are committed to resolving this matter swiftly and responsibly.”

Soule sent out a second email at about 5:30 p.m. on Tuesday, reinforcing the advice on precautionary steps and recapping what was known at that time:

• The attack targeted district servers, limiting access to certain systems.

• Until ANWSD can regain access, it couldn’t confirm what, if any, information had been compromised.

• ANWSD was working closely with cybersecurity experts to investigate the situation and resolve it as quickly as possible.

“I know many of you are seeking more information,” Soule concluded. “Please understand that if we had more details, we would share them immediately. This is an evolving situation, and we will keep you updated as soon as we have confirmed new developments.”

Share this story:

More News
News

Homeless citizens are out of view, but they’re still there

Frigid temperatures and the recent removal of Middlebury’s largest encampment behind the I … (read more)

News

Police replace stolen flag that flew for late veteran

Vergennes Police Sergeant Adam O’Neill knew quickly on New Year’s Eve that the woman calli … (read more)

News

Food truck serves up opportunities for youth

A new food truck in Bristol is looking to offer more than a good bite to eat. The BEATs Ea … (read more)

Share this story: