“The investigation done by cybersecurity experts has found no evidence that any personal information was taken,” said Sask Polytech chief financial officer Cheryl Schmitz in a Thursday morning update.
“We did not pay any ransom, or have any contact with the individual or individuals responsible for this incident. A law enforcement file remains open and we will cooperate in any way requested.”
Schmitz said that at this point, no motive for the attack has been discovered and that the cost of investigating and responding to the incident has not yet be finalized.
While officials wouldn’t confirm the individual the attack was directed at, they say it started when somebody opened a malicious link sent in an email on Oct. 30.
The school’s security system detected the malware and an email was quickly sent out to all staff and students instructing them to stop using school computers.
The school’s emergency IT protocol was activated and the school “shut down its systems,” according to Schmitz.
Sask Polytech’s Zoom, email and Microsoft Office systems were shut down, along with saskpolytech.ca and its student portal.
Both in-person and online classes, meanwhile, were cancelled.
Schmitz said Thursday “the majority of online services and systems are now available to both students and employees.”
“Early on we adopted and continue to follow a cautious, phased approach to securely restoring services,” she added.
“This is based on an order of priority. Our first priority, after suspending and securing systems, was focused on returning students to learning.
Online learning services were restored within 10 days of the attack. A staggered return to in-person learning began around the same time.
Through November, the website, student portal and public wifi were restored.
Since then, Schmitz says the school has been focused on restoring a number of other services, including online application for full-time programs, by-phone application for continuing education programs, tuition payment and refunds, acceptance letters and class schedules.
Schmitz says work is continuing to restore some services like online continuing education registration, and to restore the school’s book store and website to full functionality.
Schmitz said the school worked with unnamed “third-party experts” to investigate the incident and to beef up cyber security training and protocols.
“Many people have been working very hard to complete restoration to full operations, but progress is being made every day,” Schmitz explained.
“We’ve increased education to our faculty and staff on how to identify malicious emails. We’ve increased all arms of security for students and employees.”
Multi-factor authentication for online services has been introduced for students and staff, along with new anti-virus software for employee computers.
A password change was also mandated following the attack.
Schmitz also thanked the student body, faculty and staff for enduring the attack and subsequent investigation.
“Early in the event there were frustrations,” she said.
“Students and parents were calling and we were unable to return calls. We also understand that it took longer than expected to respond to emails looking for information, application status updates and transcripts.”
Schmitz said the school has shared more than 100 updates on its website and social media in an attempt to remain transparent about the incident.