N.Y. school district pays nearly $100K to unlock its data following ransomware attack

The Rockville Centre school district paid almost $100,000 to restore its data after being hacked with a ransomware virus that encrypted files on the system’s server until payment was made to unlock the information, officials said.

The Nassau County district was among several statewide targeted by a ransomware virus that encrypts data, essentially locking users out of access to their files. Mineola’s server was corrupted by the same ransomware, known as “Ryuk,” but the district said it did not have to pay a ransom to unlock data because it had everything backed up offline.

Rockville Centre Superintendent William Johnson said the payment, covered by the school’s insurance, was necessary to restore the district’s communications systems, as well as other data needed to run day-to-day operations after the cyberattack in July.

Ransomware has threatened several large governments and schools throughout the country and is believed to be coming out of Eastern Europe, according to news reports. Ransomware is malware that targets data and systems for extortion and is delivered through targeted phishing emails, according to the FBI. After the user has been locked out of the data or system, there is a demand for payment, the agency said.

Robert Dillon, superintendent of Nassau BOCES, which provides technological services and support to 56 school districts, said ransomware “is introduced innocently into an organization as an email,” and an employee mistakenly opens it and clicks on a link, or opens an attachment. “And the malware enters your system to find a place to hide, and at a future time it erupts and corrupts your system. The people who send it, they sell it to a third party, which encrypts it, and then a ransom is demanded.”

The state Education Department sent a notice to all districts July 31 about a cybersecurity threat reported in four districts: Syracuse, Watertown, Lansing and Rockville Centre. Officials advised “educational agencies that believe they may be compromised/infected with ransomware” to contact several agencies, including the state’s Division of Homeland Security and Emergency Services. The attack crippled the Syracuse city school district’s computer system in July, according to news reports.

In Rockville Centre, Johnson said the district caught the virus before it encrypted all the files when its technology director noticed an issue with email and “literally pulled the plug” on the entire system. Officials worked with the insurance carrier to help arrange payment to the hackers. As a precaution, the state Education Department on July 29 requested that its regional information centers and Big 5 school systems — Buffalo, Rochester, Syracuse, Yonkers and New York City — take the state’s data warehouse offline to scan for malware and vulnerabilities.