Southern Arizona’s largest school district hit by cyber attack

Published: Jan. 30, 2023 at 6:14 PM MST | Updated: Jan. 30, 2023 at 6:30 PM MST

TUCSON, Ariz. (KOLD News 13) - Over the weekend, the Tucson Unified School District was hit by computer hackers who are now holding its data hostage.

On Monday, Jan. 30, the attack forced schools to do work offline.

Early Monday, staff across the district found a letter in their printers. The letter said the system was hit by Royal ransomware and the district’s data was allegedly encrypted and copied.

13 News showed this letter to an expert, and he said this was an issue that’s being seen more often.

“The group itself that had sent this letter has actually been around about a year and they’ve been ramping up a lot of their activity in the United States,” said Andy Taylor, CEO of TechTalk Radio.

A ransomware attack like this one could’ve spread through TUSD’s system by someone simply clicking on an untrustworthy link, according to Taylor.

The hackers claimed the district’s data has been copied and can be published online, where anyone will be able to see it.

“There’s always the chance that this information can end up in the wrong hands,” Taylor said. “Now, in the case of Royal and the ransomware, most of the time they’re just looking for a quick payout. They’re hoping that someone will pay them the money and of course, decrypt that info. That’s what happens in a ransomware attack.”

And that’s exactly what the letter said… that Royal was offering them a “unique deal” to get the data decrypted, restored and kept confidential. Right now, Taylor said TUSD is likely working to find the source of the issue.

“My biggest concern is now they’re without their systems and that can affect of course their instruction. They’ve got a day, maybe two days, some of these depending on the infection, of course they’re going through and determining that now, this could last up to months,” he said.

In an email and voicemail sent out to staff and families, the district said a cyber security incident happened on its network and that internet and network services are down as the matter is investigated.

“We are actively working to correct the issue and have notified all the appropriate authorities. All TUSD schools will continue their regular school schedule,” the district said.

Taylor has a friend who works for one of the schools in the district. She also sent him the letter from Royal. He said Monday looked a little different for the teachers and students.

“Pretty much everything is stopped right now. Education is going old school. She has turned it into an instruction on how (it was) before the internet,” he explained.

Andy Taylor said a ransomware attack like this is a good time to focus on safe practices so this doesn’t happen to you. This includes running updates, not clicking on links and questioning everything.