Advertisement

No evidence personal info stolen in Sask Polytech cyber attack: school officials

On October 30 a malware attack at Saskatchewan Polytechnic led to online and in-person classes being cancelled. Files / Global News

Officials from Saskatchewan Polytechnic say the investigation into a cyberattack last fall that temporarily shut down classes shows the worst outcomes appear to have been avoided.

“The investigation done by cybersecurity experts has found no evidence that any personal information was taken,” said Sask Polytech chief financial officer Cheryl Schmitz in a Thursday morning update.

“We did not pay any ransom, or have any contact with the individual or individuals responsible for this incident. A law enforcement file remains open and we will cooperate in any way requested.”

Schmitz said that at this point, no motive for the attack has been discovered and that the cost of investigating and responding to the incident has not yet be finalized.

Read more: Cyberattack shuts down Saskatchewan Polytechnic

Story continues below advertisement

While officials wouldn’t confirm the individual the attack was directed at, they say it started when somebody opened a malicious link sent in an email on Oct. 30.

The school’s security system detected the malware and an email was quickly sent out to all staff and students instructing them to stop using school computers.

The school’s emergency IT protocol was activated and the school “shut down its systems,” according to Schmitz.

Sask Polytech’s Zoom, email and Microsoft Office systems were shut down, along with saskpolytech.ca and its student portal.

Both in-person and online classes, meanwhile, were cancelled.

Read more: Stolen Sask. health care data could fetch big money on dark web, expert says

Schmitz said Thursday “the majority of online services and systems are now available to both students and employees.”

“Early on we adopted and continue to follow a cautious, phased approach to securely restoring services,” she added.

“This is based on an order of priority. Our first priority, after suspending and securing systems, was focused on returning students to learning.

Online learning services were restored within 10 days of the attack. A staggered return to in-person learning began around the same time.

Story continues below advertisement

Through November, the website, student portal and public wifi were restored.

Click to play video: 'Malware on Nova Scotia Business Inc.’s website went unnoticed for up to 6 years' Malware on Nova Scotia Business Inc.’s website went unnoticed for up to 6 years
Malware on Nova Scotia Business Inc.’s website went unnoticed for up to 6 years – Sep 20, 2018

Since then, Schmitz says the school has been focused on restoring a number of other services, including online application for full-time programs, by-phone application for continuing education programs, tuition payment and refunds, acceptance letters and class schedules.

Schmitz says work is continuing to restore some services like online continuing education registration, and to restore the school’s book store and website to full functionality.

Read more: New maritime cybersecurity centre to fight pirates on the high seas and the digital world

Schmitz said the school worked with unnamed “third-party experts” to investigate the incident and to beef up cyber security training and protocols.

“Many people have been working very hard to complete restoration to full operations, but progress is being made every day,” Schmitz explained.

Story continues below advertisement

“We’ve increased education to our faculty and staff on how to identify malicious emails. We’ve increased all arms of security for students and employees.”

Multi-factor authentication for online services has been introduced for students and staff, along with new anti-virus software for employee computers.

A password change was also mandated following the attack.

Read more: Remote hacker tries to poison Florida city’s water supply

Schmitz also thanked the student body, faculty and staff for enduring the attack and subsequent investigation.

“Early in the event there were frustrations,” she said.

“Students and parents were calling and we were unable to return calls. We also understand that it took longer than expected to respond to emails looking for information, application status updates and transcripts.”

Schmitz said the school has shared more than 100 updates on its website and social media in an attempt to remain transparent about the incident.

Advertisement

Sponsored content