Ransomware operators have breached yet another school district in the United States, demanding ransom to unlock the district’s data. But this time, the district was prepared.
Ransom notes started shooting out of printers in the Ava School District in the State of Missouri earlier this week, reports local news station KY3. When IT staff realized it was under ransomware attack, they immediately took the network offline. While some data got encrypted, the district was well prepared to recover.
“Ava uses encrypted data, stores information on off-site servers and has a good backup system, so the district’s financial, employee and student information was never threatened,” according to the report.
Superintendent Dr. Jason Dial told reporters he doesn’t think the hackers got hold of the district’s data. However, district employees have enlisted the help of an unnamed cybersecurity company “to ensure that no important information was stolen during the hack.”
“It could have been a lot worse,” Dial said. “We still got compromised.”
Asked if the district would have paid ransom if recovery were impossible, the Superintendent said “We would have not have done that. We’re not in that business.”
The school district also has insurance covering cyber-attacks.
“We found some holes. We’re in the middle of fixing those. We knew some were there, that we were in the middle of fixing anyway. So we feel really comfortable about moving forward,” Dial added.
The attack on Ava is the latest in a long string of ransomware infections across government and educational institutions in the United States this year. So far in 2019, ransomware operators (probably the same ones) have breached 70 national infrastructures.
Ava officials wouldn’t say what ransomware strain was used in the attack, but many of the US infrastructures targeted this year were infected with Ryuk, a ransomware strain specifically used to target enterprise environments and critical infrastructures.