JACKSON, Mich. (WLNS) – The November ransomware attack forced Jackson and Hillsdale schools to shut down for days.

At the time details were limited, but now officials say the ones behind the attacks were international, adding it was a Jackson technician that first discovered something wasn’t right.

“Unusual activity on the network where things were trying to come out of the network,” said Superintendent of the Jackson County Intermediate School District, Kevin Oxley.

Oxley says his team pulled the plug as soon as a breach was noticed.

“Fast action from law enforcement and then simultaneously fast action from the restoration team.”

With the investigation now complete officials believe the international group known as the ‘Hive’ found a window into the network and looked for personal information to sell on the dark web.

“The information you know that would really be sensitive like social security numbers, things of that nature,” said Oxley.

Third-party investigators do say a small number of people had some data improperly accessed at the time but they found no evidence of any information being misused.

“We don’t believe that there is any information available after the forensics was done,” said Oxley. 

Additionally, the information accessed was extremely limited. Anyone affected has already been notified by investigators. Before being caught, the FBI says the hive was responsible for attacks that affected more than 1,500 other victims in more than 80 countries including school districts in California. The FBI also covertly infiltrated the group and since last summer prevented victims from paying around $130 million in ransom demands.

In Jackson, Oxley wants parents to know that improvements have been made to make cyber defenses stronger.

“Since that time we have worked very hard to put manage detection and response systems in place, endpoint detection on all of the devices that are used. It’s 24/7 365 days a year.”