Ransomware attacks have been happening more and more often and continue to hit federal, state and local government agencies across the United States. Ransomware attacks have hit at least 170 county, city, or state government systems in the United States from 2013 through July 2019. About 22 of those attacks occurred in the first half of 2019, according to The U.S. Conference of Mayors. Recently, we even saw a Long Island, New York school district pay hackers nearly $100,000 to restore their data after being hacked with a ransomware virus that encrypted files on the school district’s server. In addition to that, 23 Texas towns have been hit by a coordinated ransomware attack, according to the states Department of information Resources.
As a reminder of what exactly ransomware is, Ransomware is a type of malicious software, often delivered by email, that locks up an organization’s systems until a ransom is paid. In many cases, ransomware significantly damages computer hardware and linked machinery and leads to days or weeks with systems offline, which is why it can be so costly.
Now let’s take a deeper look into the Rockville Centre school district ransomware attack. After being hit with a Ryuk ransomware attack, the district was forced to pay nearly $100,000 to the attackers as a result of the district’s files being encrypted on their server. Rockville Centre’s school insurance policy covered the $100,000 payment with help from the school’s insurance carrier that helped arrange payment to the hackers. The school has received decryption instructions but the data recovery process is still ongoing.
The same ransomware has been reported to hit a neighboring school district in Mineola, New York. Luckily for Mineola, the district did not pay the ransom and was able to retrieve data from backups. Mineola school district did report that they discovered that the virus was designed to encrypt the backup as well. Fortunately, the district had taken the backup offline over the summer to do some work and officials had a full backup to rebuild the network.
The New York State Education Department on July 29th requested that its regional information centers and Big 5 school systems — Buffalo, Rochester, Syracuse, Yonkers and New York City — take the state’s data warehouse offline to scan for malware and vulnerabilities and did send a notice to all districts on July 31st about a cybersecurity threat reported in four districts: Syracuse, Watertown, Lansing and Rockville Centre.
In the recent Texas ransomware attacks, it is reported that the attacks were on smaller local governments and that Texas is being assisted by numerous federal and state agencies, including FEMA, the Department of Homeland Security, Texas A&M’s Information Technology and Electronic Crime Unit and the Texas Military Department, which includes branches of the National Guard.
As we continue to see ransomware still at an all-time high, we cannot stress enough and encourage all organizations to practice and keep their cybersecurity policies up to date. If you would like to learn more about what you can do to better secure your data, feel free to reach out.