No ransom paid in county schools’ cyber attack
Recovery from a November cyber attack on the Lincoln County School District is nearly complete, and the district did not yield to the hackers’ ransom demands.
A ransomware attack Nov. 4 shut down technology in the district. Phone lines and internet Wi-Fi were knocked out, and files on infected computers were scrambled. At a special-called board meeting Nov. 7, trustees voted to hire two vendors: CrowdStrike, to mitigate the current attack and implement measures to prevent further ones, and Codeware, to act as a liaison, negotiating with the hackers who brought the system down and ultimately paying the ransom if the board decided it was necessary.
In the end, no ransom was paid.
“The ransom amounts were negotiated by our legal counsel,” Superintendent Mickey Myers said. “No ransom was ultimately paid. We do have cyber insurance in place that assisted in our response to the incident, but any decision as to coverage would be made by the insurance carrier, not the Lincoln County School District.”
Myers said the two vendors retained to assist in the recovery were paid by the district’s insurance carrier.
The ransomware attack used encryption — a technology meant to protect data and communications — against the district. Important files on the infected computers were scrambled to be unreadable. The idea of electronic encryption is similar to the Caesar cipher most people learned in school, but far more sophisticated. Without a key, it is practically impossible to decrypt the files.
A group of hackers then emailed the district demanding a ransom for the decryption key. The attackers demanded payment in the form of cryptocurrency, an electronic alternative to traditional money that can be difficult or impossible to trace.
IT Director Kenneth Wallace said many teachers backed up their files on OneDrive, a backup service built into Windows 10, which provided them with a safe copy. But, while the IT department has stressed the importance of backing up files, not all teachers did so.
Myers said all key systems in the district are now operational.
“Some ancillary systems are still in the process of being restored by our IT staff,” he said.