[BreachExchange] Morgan County Schools’ computers hit by holiday ransomware attack

Wed Jul 14 11:34:59 EDT 2021

https://www.morganmessenger.com/2021/07/14/morgan-county-schools-computers-hit-by-holiday-ransomware-attack/

Morgan County Schools was one of many victims of a massive Fourth of July
weekend ransomware attack that struck businesses and agencies nationally
and around the globe.

A Russian-based hacker group initially demanded $70 million to stop the
cyberattack.

School Superintendent Kristen Tuttle said at a July 6 school board meeting
that the hack occurred on Friday, July 2 and was contained to some of their
office computers.  Some individual machines were infected and some files
were locked from the attack.  The group behind the hack wants school
officials to pay money for the files to be released.

On social media, school officials said the attack was contained to their
“internal network environment.”

Morgan County Schools’ technology department worked around the clock to
deal with the issue for several days, Tuttle said.  Their internet servers
are all stable.

Technology personnel checked all the computers in the school board office.
They’re now going through computers at all the schools to see which
machines have been infected, she said.

Kaseya, a Florida software company whose subsidiaries   remotely handle
security and IT infrastructure for small businesses and public agencies,
was hacked last Friday.

Ransomware was embedded in a software tool.  Computers were infected with
the ransomware when they downloaded updates, Tuttle said.

Kaseya is a security company that is paid to protect networks, she said.
They are working with several technology partners and Kaseya to resolve the
situation and assess the extent of the hack and damage.  Some lost a lot of
files. The FBI is also involved in the investigation. Those hit by the
attack were not advised to pay the ransom.

Tuttle said in a phone call late last week that school officials are still
figuring out how many computers were affected by the ransomware attack.  If
the computers were on, they could’ve been compromised. The tech department
is sweeping all the school computers now for malware.

Tuttle noted that some individual machines may need new hard drives.  Some
files have been recovered and some have not.  County school officials have
contacted BRIM, the West Virginia Board of Risk and Insurance Management,
and made a claim, which they hope will cover some of the damages.

In response to questions from The Morgan Messenger on Monday if any student
or employee information was involved in the ransomware attack, Morgan
County School Board president Aaron Close said that the ransomware
cyberattack is under investigation and they can’t speak to the types of
files that may have been compromised.

The cyberattackers have files locked up and nothing has been released. Once
school officials figure out the extent of the damage, the school system is
required to release a statement about it, he said.   If the school system
is made aware that any personal information has been lost, they will
individually reach out to those people. At this time, Close said they are
unaware of any personal information that has been lost.

“We survived COVID, now it’s ransomware.  We’ll work through it,” Tuttle
stressed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210714/6abe016c/attachment.html>