How hackers held a district hostage for almost $10,000

By Bridget McCrea
June 8th, 2016

Think ransoms are only paid out to rescue victims of kidnappings? Think again.

Imagine walking into your office one morning and finding some (or all) of your district’s computer files “padlocked” and inaccessible. In the corner, a masked man is standing with his hand out, demanding an $8,000-$10,000 ransom payment. When he gets the money, he’ll hand over the key to the padlock. If you choose not to pay, then you’ll spend the next few months trying to pick the lock while teachers, students, and administrators are forced to work without their modern technology.

This is essentially what happened to Horry County Schools (HCS) of Conway, S.C., earlier this year. On February 8, hackers used a type of malicious software designed to block access to a computer system until a sum of money is paid (aka “ransomware”) to lock up the district’s data with high-level encryption. The criminals then held that data for ransom and demanded the district pay nearly $10,000 via Bitcoin for the encryption key.

Charles Hucks, executive director of technology, says the district had experienced a few breaches during the months leading up to the attack, but nothing of this magnitude. “A few devices of teachers were hit and some of their local files were encrypted,” says Hucks. “In some cases network-based files on individual directories were also encrypted, but the impact of those attacks was very limited. They were isolated incidents.”

Attacks are on the rise

Ransomware attacks are on the rise. According to a recent PhishMe analysis of phishing email campaigns (i.e., deceptive attempts to pose as a reputable entity via email), during the first three months of 2016 there were 6.3 million more phishing attacks than during the same period last year. This represents a 789% increase that’s primarily due to an upsurge in ransomware.

“Thus far in 2016, we have recorded an unprecedented rise in encryption ransomware attacks, and we see no signs of this trend abating,” explained Rohyt Belani, CEO and co-founder of PhishMe, in Infosecurity Magazine’s Ransomware Sends Phishing Volumes up Almost 800%. “Individuals, small- and medium-sized businesses, hospitals, and global enterprises are all faced with the reality that this is now one of the most favored cyber-criminal enterprises.”

On February 8, a day that will forever be known as “Day Zero,” these statistics came to life at Horry County Schools. Entering the district’s network through an older server that was still used by the construction/facility department but was no longer being maintained or supported by its developer, the criminals installed the ransomware and sat back as it wreaked havoc on student, teacher, and administrative files.

“It was much worse than anything we’d seen before,” says Hucks, whose team was forced to shut down more than 100 servers and systems in order to keep the virus from spreading. As a result, the 42,000-student district was thrown into the dark ages and forced to work without the laptops, tablets, and other devices that it was accustomed to using.