NJ School District Hit With Ransomware-For-Bitcoins Scheme
An anonymous reader sends news that unidentified hackers are
demanding 500 bitcoins, currently worth about $128,000, from administrators of a New Jersey school district. Four elementary schools in Swedesboro-Woolwich School District, which enroll more than 1,700 students, are now locked out of certain tasks: "Without working computers, teachers cannot take attendance, access phone numbers or records, and students cannot purchase food in cafeterias. Also, [district superintendent Dr. Terry C. Van Zoeren] explained, parents cannot receive emails with students' grades and other information." According to this blog post from security company BatBlue, the district has been forced to postpone the Common Core-mandated PARCC state exams, too. Small comfort: "Fortunately the Superintendent told CBS 3’s Walt Hunter the hackers, using a program called Ransomware, did not access any personal information about students, families or teachers." Perhaps the administrators can take heart: Ransomware makers are, apparently, starting to focus more on product support; payment plans are probably on the way.
...they went after these criminals.
If our government actually did something about stuff like this, I think people would believe in their government a bit more, but as it stands, it seems like the NSA and such only want to either spy on us or topple governments that don't toe the line for the US.
I cannot imagine that finding these criminals is beyond the abilities of the US Government, it just seems like they don't even try.
Don't they know that NJ is insolvent?
Used to get fake threats during exams. This ain't a fake.
>> the Superintendent (said) the hackers did not access any personal information about students, families or teachers
He knows this because the hackers told him?
Maybe 200-500 computers. Is the ransom higher than what it would cost to replace everything? (maybe not enough to replace them with Macs, but Linux and Chromebooks are possible). How many computers does a district with 1700 students really need to get the basics done?
Just seems like a steep ransom to me. Especially since if I replaced all the computers, the old equipment is worth something and I could probably auction it off.
The data is gone if you don't pay the ransom (or crack the encryption). Sadly I don't have a way to resolve that problem, other than to start over again and hopefully anything important has backups. (ideally in a form that doesn't spread infection)
“Common sense is not so common.” — Voltaire
Why didn't they just install some mining software? Sure, it's going to take a while to mine 500 bitcoins, but nobody would have ever known they were there. Instead they take the showboating route. It's like they need to know people know about them to stroke their egos. I bet they deliver some bloated soliloquy at a key moment and ruin their entire plan.
Why would the NSA have to reveal anything? I imagine they are "taken care of" in a way that means revealing nothing.
We're already assassinating leaders of terrorist groups. I don't know why ransomware rings affecting government institutions would not qualify.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
No backup system to restore from? Systems linked that should not be linked together? As for classroom computers, fuck it, reimage those suckers. This should not be happening and in the IT dept. heads need to roll. I'm head of IT for a school board and I'm telling you that this should not have happened or at the very least the affected number of computers should be much lower.
OMG, the computerz, they iz broked! What will we do?
Without computers, teachers cannot take attendance, access phone numbers or records, or email grades to parents? Whatever happened to good old pen and paper? Provide or have the teachers buy a few notebooks. Write things down. Send the kids home with their graded tests to be signed by the parents.
Do things the old fashioned way for a few days until the system can be restored from backups. You DO back up your records, don't you?
Can't buy lunch? Seriously? Are your cafeteria staff that poorly educated that they can't do the simple mental math to give change without a register telling them how much to give?
Pathetic.
This is a great time to consider swapping out Windows-centric systems and making the break for the cloud and open source toolsets. There, I said it. The only thing lacking in this niche is inertia, but.. soon the schools will figure out that the students are intelligent and can be involved in the configuration/maintenance. Ok. well..maybe not K-12, but quite possibly grades 9-12. Whats local doesn't matter - this changes so much. Put data in a school cloud, and the schools will become just another place that hooks into the cloud resources. The pendulum swings again!
Time for a new political party in the US (or two!). One is off the rails; the other can't pony up a leader.
I can't understand in a case like this why they can't restore the system from some earlier backup (well, I can, but it seems absurd they are not able to).
If nothing else just wipe the system and re-install software. It seems like they could recover email addresses from servers the emails went through before... perhaps they would be without some records but you can't go on like this. Even if you pay the demands and unlock everything you'd have to reinstall everything from scratch anyway.
It sounds like this is something that would be noticed shortly after they were locked out. If so, then why not just recover from nightly backups to the point prior to being locked out. You shouldn't lose much data, if any, assuming that it was caught right after being locked out.
Of course, this all falls down if they weren't doing proper backups.
With every passing day and every new incident, it becomes clearer and clearer that we really have only one option when it comes to operating system software: OpenBSD.
OpenBSD has proven itself, over many years, to be extraordinarily secure and robust. The OpenBSD developers don't treat security as an afterthought; it's their primary concern. That's why it's such a solid OS, and about as secure as one could ever hope to get.
While it isn't always possible to retroactively fix mistakes, like using non-OpenBSD operating systems, it's always possible to do things properly going forward. That's why anyone who is implementing a computer system or network of any kind needs to do the responsible thing, and use OpenBSD.
OpenBSD is the only option at this point. Pretty much every other major OS out there has shown that it can't reliably stand against the kind of threats that OpenBSD defeats with ease.
OpenBSD really is the only sensible choice.
It's funny that schools got along without computers for thousands of years, now all of a sudden they're required. Well how about going the non-electronic route until the problem is solved... not that hard to figure out.
The US government needs to immediately make it illegal to pay these types of ransoms. You have no idea what group is collecting the money or what they're going to do with it so just simply make it illegal. That will stop most of these ransoms from happening.
None of what they are unable to do now even requires computers. Just get out your fucking pencils and carry on.
My wife's district uses Microsoft Dynamics, and the piece of garbage, that has never printed a correct pay check, lost its activation so the district could no longer print pay checks, accept payments for lunch, pay bills, etc. They couldn't even look up contact info for vendors to call them to give them a heads-up about the late payments. Microsoft really fucks over people with their activation garbage. This isn't like the rest of us that have to suffer with the Office garbage losing its activation so we can't open a Word doc. This is Microsoft holding large organizations hostage with demands for more money. They changed their support fees after the fact. I'm still trying to fix the problems caused with my wife's delayed deposit and NSF fees.
Make the attackers go through the school district's purchase order approval process to get their money. The computers will be restored in a few months with no payout.
This suspiciously sounds like CryptoWall. I'd be willing to bet that an admin or other highly privileged user got infected and had the keys to the kingdom sitting on a mounted network drive.
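The scenario this comment describes, one privileged account's session walking a mounted share, shows up in file-server audit logs as a burst of renames to a new extension from a single user, usually followed by a dropped note. The detector below is an added example written for this thread, not code from the commenter or from Slashdot; the audit line format, the user names and share paths, the 60-second/5-file thresholds and the ransom-note name pattern are all assumed or constructed.

```python
"""Flag ransomware-style activity on a file share from audit log lines.
Added example for this thread, not code from any commenter. The log line
format, user names, share paths, thresholds and note-name pattern are assumed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed audit line format (constructed for this example):
#   <ISO timestamp> user=<name> op=<RENAME|CREATE|...> path=<old> [-> <new>]
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) user=(?P<user>\S+) "
    r"op=(?P<op>[A-Z]+) path=(?P<path>\S+)(?: -> (?P<new>\S+))?$"
)
# Words that often appear in ransom-note file names (assumed heuristic, not a signature)
NOTE_RE = re.compile(r"(decrypt|how_to|restore_files|your_files)", re.IGNORECASE)


def parse(line):
    """Parse one audit line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
    return ev


def basename(path):
    """Last path component, tolerating either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def extension_changed(old, new):
    """True when a rename changes the extension (a.csv -> a.csv.encrypted),
    False for ordinary renames that keep it (draft.docx -> final.docx)."""
    return basename(old).rsplit(".", 1)[-1].lower() != basename(new).rsplit(".", 1)[-1].lower()


def detect(lines, window_s=60, threshold=5):
    """Return alert strings. Fires once per user when that user renames at least
    `threshold` files to a different extension inside `window_s` seconds, and once
    per created file whose name looks like a ransom note."""
    alerts = []
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # user -> timestamps of extension-changing renames
    flagged = set()
    for raw in lines:
        ev = parse(raw)
        if ev is None:
            continue   # unparsable line: skipped here, worth counting in production
        if ev["op"] == "RENAME" and ev["new"] and extension_changed(ev["path"], ev["new"]):
            q = recent[ev["user"]]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and ev["user"] not in flagged:
                flagged.add(ev["user"])
                alerts.append(f"{ev['ts'].isoformat()} mass-rename: {ev['user']} changed "
                              f"{len(q)} file extensions within {window_s}s")
        elif ev["op"] == "CREATE" and NOTE_RE.search(basename(ev["path"])):
            alerts.append(f"{ev['ts'].isoformat()} ransom-note: {ev['user']} created {ev['path']}")
    return alerts


# Constructed sample log: routine activity from mlee, then a burst from jsmith
SAMPLE_LOG = [
    r"2015-03-22T08:14:03 user=mlee op=RENAME path=\\fs01\shared\draft.docx -> \\fs01\shared\final.docx",
    r"2015-03-22T09:02:11 user=mlee op=CREATE path=\\fs01\shared\lunch_menu.pdf",
    r"2015-03-22T13:40:00 user=jsmith op=RENAME path=\\fs01\shared\grades\p1.csv -> \\fs01\shared\grades\p1.csv.encrypted",
    r"2015-03-22T13:40:03 user=jsmith op=RENAME path=\\fs01\shared\grades\p2.csv -> \\fs01\shared\grades\p2.csv.encrypted",
    r"2015-03-22T13:40:05 user=jsmith op=RENAME path=\\fs01\shared\grades\p3.csv -> \\fs01\shared\grades\p3.csv.encrypted",
    r"2015-03-22T13:40:09 user=jsmith op=RENAME path=\\fs01\shared\attendance.xlsx -> \\fs01\shared\attendance.xlsx.encrypted",
    r"2015-03-22T13:40:12 user=jsmith op=RENAME path=\\fs01\shared\phone_list.doc -> \\fs01\shared\phone_list.doc.encrypted",
    r"2015-03-22T13:40:14 user=jsmith op=RENAME path=\\fs01\shared\menu.pdf -> \\fs01\shared\menu.pdf.encrypted",
    r"2015-03-22T13:40:20 user=jsmith op=CREATE path=\\fs01\shared\HOW_TO_DECRYPT.txt",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The rename counter deliberately ignores renames that keep the extension, so normal "draft to final" housekeeping does not trip it; the user-level alert is what lets a file server (or a script watching its logs) pull the offending account's session before the whole share is gone.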
I think they'd come out ahead if they nixed the testing, and used the savings to pay the ransom -- and in the intervening period actually teach the kids. As in teach, not teach to the test.
Here's a better idea, offer a bounty of $50k to pwn the shit out of these little script kiddies. I am sure that with enough eyes in the hacker community on the Ransomware and the vector used to deliver it they could out the perpetrators. Once the perpetrators are identified (in some backwater 3rd world country no doubt) offer the other $200k to Blackwater or other mercenary groups to go in and "liquidate" with extreme prejudice. Make sure that it makes the headlines in international news that a "Ransomware group got whacked" There's no way that a public school would do this, but if businesses start to get hit, you can bet that a scenario like this will play out. Once word gets out that doing this shit will get you killed, it will end, much like the Somali pirates after the US navy got involved.
I'm a legitimate businessman!
Oh look, Cryptowall/Cryptolocker hits a school/business/home/whatever.
Shoulda had AV installed. Shoulda had backups.
surely it is the FBI who would have jurisdiction in a case such as this.
All these problems could be prevented by-
1. Running as a low privileged user, NOT administrator with root powers. Might be tough on Windows, but so is having all your computer ransomed.
2. Back-ups of vital data. If you have proper back-ups, nuke the disks and reinstall, or restore images and back-ups of the files.
Windows encourages bad practices. Did you ever see a ready-built PC with all the data on a separate drive or partition? No, they make it so a re-install makes you lose all your data.
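One way to make the second point checkable rather than hoped-for: keep a SHA-256 manifest of the vital data with the offline backup and verify a restore (or the live tree) against it. This is an added example written for this thread, not code from the commenter or from Slashdot; the directory layout, file names and the simulated encryption are constructed.

```python
"""Hash manifest for backed-up data, used to verify a restore (or spot silent
tampering of the live tree) against a known-good state.
Added example for this thread, not code from any commenter; the directory
layout, file names and the simulated infection are constructed."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def save_manifest(manifest: dict, dest: Path) -> None:
    """Write the manifest as JSON. Keep this copy with the offline backup,
    never on the same share as the data it describes."""
    dest.write_text(json.dumps(manifest, indent=1, sort_keys=True))


def verify_tree(manifest: dict, root: Path) -> dict:
    """Compare a tree against the manifest and report missing, changed and
    unexpected files. ok is True only when all three lists are empty."""
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    extra = sorted(set(current) - set(manifest))
    changed = sorted(p for p in set(manifest) & set(current)
                     if manifest[p] != current[p])
    return {"ok": not (missing or changed or extra),
            "missing": missing, "changed": changed, "extra": extra}


def demo() -> dict:
    """Build a manifest of a small constructed tree, then simulate an encrypting
    infection and show what verification reports before and after."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "data"
        (root / "grades").mkdir(parents=True)
        (root / "grades" / "period1.csv").write_text("alice,92\nbob,85\n")
        (root / "attendance.txt").write_text("2015-03-23: all present\n")
        manifest = build_manifest(root)
        save_manifest(manifest, Path(d) / "manifest.json")   # off-share in practice
        clean = verify_tree(manifest, root)
        # Simulated ransomware: contents overwritten, file renamed, note dropped
        victim = root / "grades" / "period1.csv"
        victim.write_bytes(os.urandom(64))
        victim.rename(victim.with_name("period1.csv.encrypted"))
        (root / "HOW_TO_DECRYPT.txt").write_text("pay 500 BTC\n")
        stored = json.loads((Path(d) / "manifest.json").read_text())
        after = verify_tree(stored, root)
        return {"clean": clean, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run the same `verify_tree` against a freshly restored tree before putting it back into service: a restore that reports missing or changed entries means the backup set itself was touched, which is exactly the case where a mounted backup share gets encrypted along with the data.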
This has been happening since at least a year ago. There's nothing at all about this story that raises it to the level of "news"
Why didn't they simply restore backup images? If they are too lazy to have set up a server that automatically backs up images incrementally they need to fire the entire administrative staff and bring on thinking people that can properly prepare for disaster recovery.
Have gnu, will travel.
Took over the Germanwings autopilot.
The Schools? Eh, this is what happens when using cheap commodity hardware and software.
Offline backups and live images.
infected? shut down the network, reboot the image on the system. Restore lost data from offline backups.
Find the hole (likely some dumbass that has already been told 37,000,000 times to quit opening strange attachments- fire them with extreme prejudice), fix it, and put it all back online.
No ransom paid, minimal if any loss, and this trend dies off like it should have the day it was born.
One can only wonder how difficult it was to teach high school before computers.
How did our ancestors manage?
Perhaps the same sys-admin that worked at NASA a while back, started working for this NJ school system.
Taking the headliner here at face value...
-can't take attendance? hard copy, manual!
-phone numbers & records? hello! hard copy!
I could go on, but it's like these people turned dumb when all this technology took over! Do the administrators, and teachers likely, even have a neuron between them? Wow!
What if we get ransomware combined with the firmware level exploits as seen in the "Equation Group" hacks.
Shudder.
The only unique aspect is that they are demanding bitcoins...
Just restore from backups... Oh? You don't have any recent backups? I know who has a pink slip on the way... ;-)
An earlier generation of this malware used Windows built-in crypto, I think Elcomsoft put out a tool to extract the keys back out of the repository and decrypt the files yourself. Are newer versions of the ransomware using their own keys or encryption engines?
How does an infection on school computers affect parents ability to receive e-mails? Is gmail infected, too?
What did the ransomware actually do?
Reading between the lines here, my interpretation is that the school district doesn't have usable backups.
Bitcoins are traceable. Spend another 10k and hire a meth addict hitman.
I hope they are good hackers. There are a lot of swamps down there to bury less elite hackers.
(Muskrat1 to Muskrat2: Mmmm, hackers,... tastes like chicken)
FTFS:
But the Common Core DOES NOT mandate any particular exam or evaluation instrument of any kind. PARCC is, according to Wikipedia, "a coalition of 12 states and the District of Columbia that are working to create and deploy a standard set of K-12 assessments in math and English." PARCC is basing their assessments upon the Common Core standards, but it is PARCC that mandates the exams, not Common Core.
Common Core is, literally, just a list of skills that students should have at various grade levels. For example, sixth grade math students are supposed to be able to "Write, read, and evaluate expressions in which letters stand for numbers." That simple statement, and many like it, make up the Common Core. It has nothing to do with mandating exams.
The Common Core standards are freely available on the web, in case you would like to look at them: http://www.corestandards.org/r...
The computers are just fine, format and reinstall. The data (files, database, pdf, doc) are locked and encrypted. That's what's worth something to pay for... or not.
If you don't use our tax revenue to effectively defend us from these attacks, can you at least respond as if we have been attacked? Every company and local government in the USA is under constant attack by government-sponsored attackers or stateless gangs. Daily. Isn't this also what drones are for?
What a great way for the CIA to fund ops without having to account for funding...
"Fortunately the Superintendent told CBS 3’s Walt Hunter the hackers, using a program called Ransomware, did not access any personal information about students, families or teachers"
:) While I do take the assurances of the Superintendent in good faith, it did occur to me to ponder why CBS 3’s Walt Hunter didn't ask the question as to how this 'program called ransomware' got onto the 'computers' in the first place?
So we can be pretty sure the 'program called ransomware' isn't a Unix/Apple or Android hack