One Texas school district admits cybercriminals hacked into their records multiple times and across 20 of its campuses, attempting to hold data for ransom. To their knowledge, no pertinent confidential student data was seized; however, the news of these attacks has some parents worried.
The North East Independent School District in San Antonio confirmed that ransomware, a type of malware or virus that holds computer data hostage, attacked the online records of 20 district campuses in several incidents. Typically, ransomware encrypts data, locking up computers, and forces victims to pay “ransom” to be able to get their own files back.
According to Reuters, hackers demand payments that often range from $200 to $600 to unlock each infected PC. They reported Adobe Systems, Inc., issued an emergency update Thursday for its Flash software for internet browsers after researchers found a security bug through which ransomware was delivered to Window PC users in alleged “drive by” attacks that infected computers with ransomware on tainted websites. The company urged more than 1 billion Flash users on Window, Mac, Chrome, and Linux to update the product immediately.
North East ISD was lucky this time. District officials said they did not have to pay to retrieve their data. “As far as we know, there was no sensitive information that could have been compromised,” district spokeswoman Aubrey Chancellor told local CBS affiliate KENS 5. “There was just really a small amount of data lost.”
Still, cybercriminals seized 2.5 terabytes of encrypted data in three separate ransomware incidents over the past two months, affecting two departments, according to the local TV news report. District officials insisted no personal information about any student was compromised. Chancellor did not say what data was lost or seized or in what department. Given that the safety of networked and cloud-stored student data is paramount, Breitbart Texas reached out to the spokeswoman.
Chancellor told Breitbart Texas, “We did not have any information that was compromised. Our problem was simply that files were not initially accessible. Once the files were deleted – they were restored with backup data.”
One complaint critics have about online encrypted data storage is that these files, once decoded, can contain personally identifiable student information. Parents of publicly educated school children submit a wide range of personal information to their school districts. That often includes birth certificates, Social Security numbers, inoculation and other relevant medical records, plus details such as home addresses, parent work information and, even, utility bills, the latter which are used for proof of district residency.
A parent of a North East ISD high school student addressed her concerns over how much personal data is at stake when hackers attack. She told KENS 5: “You’ve got to give them a copy of their birth certificate, your shot records, your Social Security numbers, address… so there’s quite a bit of personal information that’s given of the parent and student.”
In light of the news of the ransomware attacks, this parent added: “I think it, at least, helps me to assume they are doing everything they can to prevent that from being anything further than that.”
The district says it is in the process of formulating a ransomware awareness strategy going forward to handle possible future incidents before they get a chance to happen again.
A coastal South Carolina school district was not so lucky. Its technology director, Charles Hucks, spoke to CNN Money about their recent ransomware attack that spread like wildfire across the network, freezing up to 60 percent of the school district’s computers before he could shut down the system.
Hucks said the hackers’ message read: “Hey you want to free your data? Pay us.”
After the district paid the equivalent of $10,000 in a Bitcoin account, the nameless and faceless cybercriminals freed the school computer system.
Experts believe much cybercrime originates out of Eastern Europe or the Russian Federation and they target small and mid-sized institutions. According to the CNN report, the FBI says they received 2,453 complaints about ransomware attacks last year, costing victims more than $24 million dollars.
Follow Merrill Hope on Twitter @OutOfTheBoxMom.