
Ransomware attackers demanded $19,000 from a California school district for a decryption key that would unlock its encrypted data.

Over the weekend of 16 September 2017, an unknown group of actors gave a $19,000 ultimatum to the San Ysidro School District, a public school district located in San Diego County, California. The demand followed a ransomware attack that encrypted shared files as well as emails the district handled between 18 August 2017 and 17 September 2017. IT staff have not found any evidence to suggest the attack compromised sensitive data of staff, teachers, administrators, or students.

The infection occurred sometime during the summer while the district was busy transitioning its website and email system to a new domain and updating the operating systems on some of its computers.

As of this writing, no one associated with the investigation of the attack has disclosed an infection vector for the ransomware.

Fortunately, the San Ysidro School District had working data backups in place, so it was able to restore access to its data without paying the ransom. Its technology staff are now working their way through the district’s workstations to verify that none of them are infected. Todd Lewis, San Ysidro’s director of technology, said the work is going smoothly:

“At this point we’re in a pretty good place. We’re just being very safe and very cautious as we want to make sure it’s off all the workstations before we open up connectivity.”

Digital attackers are increasingly targeting schools with ransomware and extortion-based schemes. Earlier in September, more than three dozen schools based in Flathead County, Montana canceled classes after receiving threats from a digital extortionist. The actor, which might actually be The Dark Overlord hacking group, threatened to leak contact information of teachers, staff, and students stolen from Columbia Falls School District unless the district agreed to pay $150,000 within a year’s time.

The FBI is still investigating that instance of data theft.

Given the growing number of digital threats targeting them, it’s up to educational institutions to bolster their security measures. First, they should follow San Ysidro School District’s lead and back up their critical data on a regular basis. Second, they should seek to prevent a ransomware infection by following digital security best practices, such as creating a vulnerability management program to address known software flaws on a timely basis.

For information on how Tripwire’s solutions can help mature your organization’s vulnerability management processes, please click here.