BreachExchange mailing list archives
Rockville Centre Schools Pay $90, 000 Ransom To Hackers
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 28 Aug 2019 01:13:48 -0500
https://patch.com/new-york/rockvillecentre/rockville-centre-schools-pay-90-000-ransom-hackers Late last week, Rockville Centre School District officials disclosed to the public that the district paid nearly $90,000 in ransom to hackers that had encrypted all of the district's files. According to school officials, on Thursday, July 25, the district was attacked by the Ryuk computer virus, which encrypts all of the files on networks it infects. The hackers who uploaded the virus then demanded a payment to give the district the decryption key so it could regain access to the files. This kind of attack, known as ransomware, is becoming increasingly common. It has affected schools, businesses, hospitals and more around the world in recent years. On the morning of July 26, the district's director of technology noticed a problem with the email system and shut it down, the district said, which limited the damage to the district's systems. After the shutdown, the district said it contacted the Rockville Centre Police Department, the FBI and the Department of Homeland Security (DHS). "[The FBI and DHS] were instrumental in helping us identify the virus which may have entered this system as early as March 2019 and lay dormant in the system until July 25, 2019," the district wrote. "Neither agency, however, had a decryption tool that would effectively enable us to restore our data and emails and no other aid was offered to us." The district's insurance carrier covers cyber attacks. After exploring options, the district determined that paying the ransom requested by the hackers would be much more cost efficient than trying to recover and decrypt all of their files. Because the district was able to stop part of the attack, the ransom was lowered from $176,000 to $88,000. The district paid a $10,000 deductible to its insurance company, which covered the rest of the ransom. The district said that, because its insurance deductibles are calculated as part of the budget, there was no new cost to taxpayers. No information was stolen, the district said. The FBI and DHS carefully reviewed the school's systems and determined that no student or teacher information was taken. The goal of the attack was to make the district pay to get access to its data again, not to steal it. "Our priority now is to learn from this experience and use this knowledge to find, if available, a more robust backup system that can avoid intrusion by outside viruses," the district wrote. "We will work with our board and cyber security experts, including Homeland Security and the FBI, over the next few months to determine ways of securing more effective antiviral and backup systems for the district." Because the district regained access to all of its files, the attack will not affect the opening of school the district said. The district is still working to clean any traces of the virus from its systems, but expects to have all of the files cleared by the start of school, and all the email cleared soon after. The Board of Education is holding the first meeting of the new school year on Sept. 5, and there will be a discussion of the attack and the decision to pay the ransom. The public is invited to attend to hear from the board and to voice any concerns they may have. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Rockville Centre Schools Pay $90, 000 Ransom To Hackers Destry Winant (Aug 28)