RVC School District Victim of Ransomware Attack

Recently the Rockville Centre school district paid almost $100,000 in ransom when their data was stolen due to a hacking incident. The ransomware in question is Ryuk, the same ransomware that breached Mineola’s school district in early August and several other districts’ servers. The Rockville Centre school’s insurance paid nearly 100k and can restore all of their data within the next few weeks whereas the Mineola school district had an offline backup that kept them from paying the hackers.

A Newsday article written by Joie Tyrrell quotes the Rockville Centre superintendent William Johnson.

“… nobody wants to pay anything, but if they encrypted the files and [we] don’t have access to them, it is difficult to run a school district without any historical data or emails, most of which were encrypted.”

Source: Rockville Centre pays almost $100G to hackers after ransomware attack, officials say. https://nwsdy.li/2NsTi6c via Newsday

On July 31st, the New York State Education Department sent out a cybersecurity threat notice to all districts stating that four schools had been reported of cyber breaches, Rockville Centre being one of them. The Ryuk virus that attacked the schools is engineered to encrypt data, and data backups as well, so the holder will have to pay a ransom to get their data back.

Ransomware amounts have increased by 90% since the beginning of Q1 2019 as ransomware like Ryuk, Bitpaymer, and lencrypt become more expensive to purchase, says The Block (theblockcrypto.com). Any company that holds personally identifiable information (PII) would pay an average of $80,000, not including additional fees such as credit monitoring for clients’ whose data was leaked, class action and individual lawsuits, legal fees to handle a breach, and the cost of operational downtime.

Fortunately, the hackers did not breach the business portal, so no personal information was leaked. All cybersecurity disaster recovery precautions were followed. The affected districts reported the attacks to law enforcement and got in contact with the Cyber Incident Response Team and New York’s Intelligence Center in hopes to mitigate the attack. The affected districts will have their servers completely restored in the coming weeks.

Even though it was reported that no personally identifiable information was leaked, the affected schools still had to notify the parents of the breach. Some schools are even offering a year worth of credit monitoring for the affected persons. This is mitigation for a breach that didn’t involve personal information, but what do companies do when personal information is compromised and what do hackers do with this information?

Hackers buy or sell the information on the Dark Web, which is a separate, hidden part of the “World Wide Web” that is concealed from conventional search engines where cybercriminals can operate anonymously. The hackers use the information that is bought or sold to open up credit cards, wire money out of your bank account, or steal your identity. There are hundreds of websites, “exploit kits,” how-to information and services being sold to assist hackers. Furthermore, the malware that these hackers are using are polymorphic and can change its code to evade detection.

The first step in protecting yourself and your business is getting a network health check, which is where most businesses find that they are hacked. The next step to protecting yourself is to collaborate with your IT manager or an outsourced cybersecurity company to build a disaster recovery plan that includes regular data backups, patch installation, and continuous server monitoring. After these precautions have been implemented, maintaining your cybersecurity defenses is a priority whether it be your in house IT manager or an outsourced cybersecurity company.