DES MOINES, IOWA — After a long month of recovery and investigation from a cyber attack back in early January, Des Moines Public Schools are nearly back to normal, district leaders say. “School as we know it prior to January 9th is in full effect,” interim superintendent Matt Smith said on Friday.

January 9th was the day the district first noticed something was wrong with their computer networks. The cause was quickly apparent: a ransomware attack. Classes were canceled for two days until systems could be restored enough to get kids back in the buildings. Since then it has been weeks of slow restoration.

On Friday, Smith said that classroom activity is the same as it was before the attack. But not everything is back to normal, yet. Smith says that is due in part to the vulnerability the district still faces. Smith says there is an 80% chance that DMPS is targeted again in the next six months. Industry experts tell him “copycat” attacks are common.

With that in mind, Smith says there is still information he isn’t comfortable divulging publicly. “Threat actors are out there. They are out there watching, they are out there listening,” said Smith, “They will take any information I provide and use that to exploit our systems.”

Smith says that some data that the school maintained was accessed during the ransomware attack. The data wasn’t “stolen”, as DMPS still has possession. Smith wouldn’t say what information or which individuals were impacted, but promises the district will help.

“If we learn that information about you has been taken from our systems, we are going to let you know as soon as possible and as soon as we can,” Smith says. Specifically, he says those affected will be contacted by US mail. They will be offered free credit monitoring.

Smith also declined to answer if a ransom was paid. He says it is too early, as well, to determine a financial cost from the ransomware attack. The district is working with a cyber security insurance company.