A school district in South Carolina lost access to data on close to half of the servers in its data center sometime over the summer. In what the district characterized as a ransomware attack, data on the servers was encrypted and as a result made inaccessible by its staff, Dorchester School District Two said in a statement, assuring student and staff that no personal information had been compromised.
“A thorough investigation determined this was a ransom request and there was no identity theft involved and no student or staff information had been accessed or compromised,” the statement read.
After negotiations (presumably with the attackers), the district paid a $2,900 ransom to decrypt the files.
Ransomware attacks, where the attackers demand money (usually in the form of cryptocurrency) in exchange for giving the victim access to their data, have become commonplace in recent years, most of them targeting individual users. But attacks on organizations have been on the rise.
Earlier this year, two global-scale ransomware attacks targeted organizations large and small. The so-called WannaCry attack in May spread across more than 150 countries, affecting among others Britain’s National Health Service. The following month, a second attack, which spread a virus called Petya, affected healthcare providers around the world, as well as companies like Maersk and FedEx.
The Dorchester school district did not specify when the attack on its data center occurred. As of this week, data on 24 of the 25 affected servers had been retrieved and restored – result of the ransom payment, according to the district.
District and school staff have been re-entering data on the remaining corrupted server manually, transferring it from hard copies, save for the data of 32 students, whose information was not available in hard-copy form.
The school board contracted with a technology company to conduct a security assessment of the district’s network and make recommendations for improvements.