Ransomware holds schools hostage: 'Now give us Bitcoin worth $129k, er, $124k, wait ...'

'It's like being in 1981' says district boss

A New Jersey school district in the US has been held hostage by ransomware that has apparently demanded hundreds of Bitcoins to end the situation.

Teachers, staff and kids in Swedesboro-Woolwich school district have been unable to access their computer files in classrooms as a result of a network-wide security compromise, The South Jersey Times reports. Systems from lunch registers in canteens to email servers have been taken offline.

Located in southwestern New Jersey, the district has at least 1,700 students in four schools in grades K-6 (that's primary or elementary school).

The attack is said to have started on Saturday morning. It sounds as though the malware was able to infiltrate computer after computer, or perhaps central file servers, on the network, encrypt all the data it could find, and then demand money for the decryption keys.

It is likely off-the-shelf ransomware was accidentally installed from a booby-trapped email attachment, and then spread across the whole network encrypting every document it could lay its hands on. Given the reported size of the ransom, though, it's possible the district was specifically targeted by crooks.

"Once discovered, the district took steps to contain the infection and began the process of cleansing and rebuilding," officials wrote on the district's website. After the software nasty attacked PDFs, emails, spreadsheets and more, the schools were "operating like it's 1981," superintendent Terry Van Zoeren said.

"The files affected were mainly Word documents, Excel spreadsheets and PDFs created by staff members," district officials added.

"Data in the student information system as well as other applications is stored offsite on hosted servers, and was not affected by the virus.

"Encrypted files were restored from backup to their original state. Servers were restored to remove any trace of the malware. Email and other systems are being restored as quickly as possible."

The malware demanded 500 Bitcoins, Van Zoeren said, a ransom that becomes a better deal for the schools with each passing day, due the sliding BTC-USD conversion rate. We assume 500 BTC is correct, and the superintendent didn't mean $500 in Bitcoin.

The cryptocurrency has been the favored loot of ransomware miscreants as it can be difficult (but not impossible) to trace. The popularity has waned, however, as the price per BTC has declined.

According to tracking site Coindesk, since the demands were made, the value of 500 BTC has dropped from $129,500 (£87,300) to about $124,000 (£83,592) in a few days. At this rate, if the district can hold out another couple weeks they could get the ransom down to five figures (in dollars) – although the downtime could prove overly costly in many other ways.

In the meantime, however, the South Jersey Times reports that the school district has had to put off scheduled standardized tests while they steam clean the network. The district has also called in the New Jersey State Police and the FBI to investigate the attack. ®

Biting the hand that feeds IT © 1998–2020