Pleasant Valley reports ransomware attack
The Pleasant Valley School District is investigating a ransomware computer virus that infected its system on Aug. 14, a couple weeks before the first day of school.
School district staff restored the system from a backup the same day and did not interact with or pay the hackers, Director of Technology Lee Lesisko said.
Printing was working again by the second day, and within two weeks the technology department got everything back to normal for staff and students, Lesisko said. No data has been compromised.
Network Administrator Alex Sterenchock found the Ryuk virus when he recognized an irregular file on the system console early on Aug. 14, according to a report at the building and grounds meeting last month.
Eleven servers were infected and all but four have been restored, according to the report.
Ransomware is a kind of malicious software that encrypts an organization’s data, making it unusable. The hackers demand that the organization pay them to release its data.
Pleasant Valley staff found two emails from hackers with an HTML file that they didn’t open, Lesisko said. The addresses came from Russia and Korea.
Lesisko believes that someone clicked a link in their email, letting the virus into the school district’s system. The virus got into the system in the middle of June and didn’t activate until August.
The cost is $22,000 in fees and forensics and $10,000 for reconstruction of the four remaining servers as of Sept. 13.
Pleasant Valley’s insurance will cover the costs with a $15,000 deductible. The school district is working with a forensics company through the insurance to determine what happened and to make sure the virus is totally eradicated from the system.
“The bottom line is, I don’t want it to happen again,” Lesisko said. “It’s a shame that people extort money from school districts and taxpayers by doing something like this.”
The school district is looking into buying another scanning product in addition to Trend Micro, its current software, to protect against this kind of attack in the future, Lesisko said.
On opening day, Lesisko reminded school district staff not to click on suspicious links. If they don’t know who sent the email, they should erase it, he said.
Lesisko emphasized how well the district’s technology staff responded to the emergency and got the computer system running again within hours of the malware attack.
“Nothing has been lost, and because of the quality support people that we have here it worked,” he said.