NJ School District Hit With Ransomware-For-Bitcoins Scheme
An anonymous reader sends news that unidentified hackers are
demanding 500 bitcoins, currently worth about $128,000, from administrators of a New Jersey school district. Four elementary schools in Swedesboro-Woolwich School District, which enroll more than 1,700 students, are now locked out of certain tasks: "Without working computers, teachers cannot take attendance, access phone numbers or records, and students cannot purchase food in cafeterias. Also, [district superintendent Dr. Terry C. Van Zoeren] explained, parents cannot receive emails with students' grades and other information." According to this blog post from security company BatBlue, the district has been forced to postpone the Common Core-mandated PARCC state exams, too. Small comfort: "Fortunately the Superintendent told CBS 3's Walt Hunter the hackers, using a program called Ransomware, did not access any personal information about students, families or teachers." Perhaps the administrators can take heart: Ransomware makers are, apparently, starting to focus more on product support; payment plans are probably on the way.
...they went after these criminals.
If our government actually did something about stuff like this, I think people would believe in their government a bit more, but as it stands, it seems like the NSA and such only want to either spy on us or topple governments that don't toe the line for the US.
I cannot imagine that finding these criminals is beyond the abilities of the US Government, it just seems like they don't even try.
Used to get fake threats during exams. This ain't a fake.
>> the Superintendent (said) the hackers did not access any personal information about students, families or teachers
He knows this because the hackers told him?
Maybe 200-500 computers. Is the ransom higher than what it would cost to replace everything? (maybe not enough to replace them with Macs, but Linux and Chromebooks are possible). How many computers does a district with 1700 students really need to get the basics done?
Just seems like a steep ransom to me. Especially since if I replaced all the computers, the old equipment is worth something and I could probably auction it off.
The data is gone if you don't pay the ransom (or crack the encryption). Sadly I don't have a way to resolve that problem, other than to start over again and hopefully anything important has backups. (ideally in a form that doesn't spread infection)
“Common sense is not so common.” — Voltaire
Why didn't they just install some mining software? Sure, it's going to take a while to mine 500 bitcoins, but nobody would have ever known they were there. Instead they take the showboating route. It's like they need to know people know about them to stroke their egos. I bet they deliver some bloated soliloquy at a key moment and ruin their entire plan.
Why would the NSA have to reveal anything? I imagine they are "taken care of" in a way that means revealing nothing.
We're already assassinating leaders of terrorist groups. I don't know why ransomware rings affecting government institutions would not qualify.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
No backup system to restore from? Systems linked that should not be linked together? As for classroom computers, fuck it, reimage those suckers. This should not be happening and in the IT dept. heads need to roll. I'm head of IT for a school board and I'm telling you that this should not have happened or at the very least the affected number of computers should be much lower.
This is a great time to consider swapping out Windows-centric systems and making the break for the cloud and open source toolsets. There, I said it. The only thing lacking in this niche is inertia, but... soon the schools will figure out that the students are intelligent and can be involved in the configuration/maintenance. OK, well... maybe not K-12, but quite possibly grades 9-12. What's local doesn't matter; this changes so much. Put data in a school cloud, and the schools will become just another place that hooks into the cloud resources. The pendulum swings again!
Time for a new political party in the US (or two!). One is off the rails; the other can't pony up a leader.
I can't understand in a case like this why they can't restore the system from some earlier backup (well, I can, but it seems absurd they are not able to).
If nothing else, just wipe the system and re-install software. It seems like they could recover email addresses from servers the emails went through before... perhaps they would be without some records, but you can't go on like this. Even if you pay the demands and unlock everything, you'd have to reinstall everything from scratch anyway.
It sounds like this is something that would be noticed shortly after they were locked out. If so, then why not just recover from nightly backups to the point prior to being locked out? You shouldn't lose much data, if any, assuming that it was caught right after being locked out.
Of course, this all falls down if they weren't doing proper backups.
With every passing day and every new incident, it becomes clearer and clearer that we really have only one option when it comes to operating system software: OpenBSD.
OpenBSD has proven itself, over many years, to be extraordinarily secure and robust. The OpenBSD developers don't treat security as an afterthought; it's their primary concern. That's why it's such a solid OS, and about as secure as one could ever hope to get.
While it isn't always possible to retroactively fix mistakes, like using non-OpenBSD operating systems, it's always possible to do things properly going forward. That's why anyone who is implementing a computer system or network of any kind needs to do the responsible thing, and use OpenBSD.
OpenBSD is the only option at this point. Pretty much every other major OS out there has shown that it can't reliably stand against the kind of threats that OpenBSD defeats with ease.
OpenBSD really is the only sensible choice.
It's funny that schools got along without computers for thousands of years, and now all of a sudden they're required. Well, how about going the non-electronic route until the problem is solved... not that hard to figure out.
The US government needs to immediately make it illegal to pay these types of ransoms. You have no idea what group is collecting the money or what they're going to do with it so just simply make it illegal. That will stop most of these ransoms from happening.
None of what they are unable to do now even requires computers. Just get out your fucking pencils and carry on.
My wife's district uses Microsoft Dynamics, and the piece of garbage, that has never printed a correct pay check, lost its activation so the district could no longer print pay checks, accept payments for lunch, pay bills, etc.. They couldn't even look-up contact info for vendors to call them to give them a heads-up about the late payments. Microsoft really fucks over people with their activation garbage. This isn't like the rest of us that have to suffer with the Office garbage losing its activation so we can't open a Word doc. This is Microsoft holding large organizations hostage with demands for more money. They changed their support fees after the fact. I'm still trying to fix the problems caused with my wife's delayed deposit and NSF fees.
Those aren't cash registers. Outside food service has an account for each student, that parents have to keep stoked with money. The students just type in a PIN to have the meal charged. They can't distribute lunch and charge that account, is the issue. In this pinch the food service could just bring over a printout of account balances and write in the amount for the day next to it, then take it back to HQ for reckoning... a PITA, but oh well, that's what careless IT admin buys you.
Make the attackers go through the school district's purchase order approval process to get their money. The computers will be restored in a few months with no payout.
This suspiciously sounds like CryptoWall. I'd be willing to bet that an admin or other highly privileged user got infected and had the keys to the kingdom sitting on a mounted network drive.
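One way to catch the sweep that comment describes, a single infected account rewriting everything it can reach on a mounted share, is to watch the share's rename activity per user. The following is an added example, not code from the district or from any product named in the thread; the audit lines are constructed, and their one-line-per-event layout and the thresholds are assumptions, not the format of any real file server's log.

```python
"""Flag a ransomware-style sweep across a file share from rename audit events.

Added example: the events below are constructed for illustration, and the
one-line-per-event layout is an assumption, not the format of any real file
server's audit log.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import os

# Constructed sample events (not from any real server). Layout per line:
#   <ISO timestamp> <user> RENAME <old path> -> <new path>
#   <ISO timestamp> <user> WRITE <path>
SAMPLE_EVENTS = """\
2015-03-23T08:01:02 jsmith RENAME /share/grades/q3.xlsx -> /share/grades/q3.xlsx.locked
2015-03-23T08:01:02 jsmith RENAME /share/grades/q4.xlsx -> /share/grades/q4.xlsx.locked
2015-03-23T08:01:03 jsmith RENAME /share/attendance/march.csv -> /share/attendance/march.csv.locked
2015-03-23T08:01:03 jsmith RENAME /share/attendance/april.csv -> /share/attendance/april.csv.locked
2015-03-23T08:01:04 jsmith RENAME /share/parents/contacts.docx -> /share/parents/contacts.docx.locked
2015-03-23T08:01:04 jsmith RENAME /share/parents/newsletter.pdf -> /share/parents/newsletter.pdf.locked
2015-03-23T08:01:05 jsmith RENAME /share/lunch/balances.xlsx -> /share/lunch/balances.xlsx.locked
2015-03-23T08:01:05 jsmith RENAME /share/lunch/menu.docx -> /share/lunch/menu.docx.locked
2015-03-23T08:02:10 mjones WRITE /share/grades/q3_draft.xlsx
2015-03-23T08:45:00 mjones RENAME /share/grades/q3_draft.xlsx -> /share/grades/q3_final.xlsx
2015-03-23T09:10:00 admin RENAME /share/archive/2014.zip -> /share/archive/2014_old.zip
"""

# Thresholds are assumptions to tune per share: a person renaming files by hand
# does not change the extension of five files in several folders within a minute.
WINDOW = timedelta(seconds=60)
MIN_FILES = 5
MIN_DIRS = 2


def parse(text):
    """Yield (timestamp, user, action, old_path, new_path_or_None) per event line."""
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        ts = datetime.fromisoformat(parts[0])
        user, action, old = parts[1], parts[2], parts[3]
        new = parts[5] if action == "RENAME" else None
        yield ts, user, action, old, new


def extension_changed(old, new):
    """True when a rename gives the file a different extension (e.g. .xlsx -> .locked)."""
    return new is not None and os.path.splitext(old)[1] != os.path.splitext(new)[1]


def detect(text, window=WINDOW, min_files=MIN_FILES, min_dirs=MIN_DIRS):
    """Return {user: (files, directories, new_extension)} for every account whose
    extension-changing renames exceed the thresholds inside one time window."""
    by_user = defaultdict(list)
    for ts, user, action, old, new in parse(text):
        if action == "RENAME" and extension_changed(old, new):
            by_user[user].append((ts, old, new))

    alerts = {}
    for user, renames in by_user.items():
        renames.sort()
        for i, (start, _, _) in enumerate(renames):
            in_window = [r for r in renames[i:] if r[0] - start <= window]
            files = {old for _, old, _ in in_window}
            dirs = {os.path.dirname(old) for _, old, _ in in_window}
            if len(files) >= min_files and len(dirs) >= min_dirs:
                ext = Counter(os.path.splitext(new)[1] for _, _, new in in_window)
                alerts[user] = (len(files), len(dirs), ext.most_common(1)[0][0])
                break
    return alerts


if __name__ == "__main__":
    for user, (n_files, n_dirs, ext) in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {user}: {n_files} files in {n_dirs} folders renamed to *{ext}")
```

On the constructed events only `jsmith` trips the rule; the ordinary draft-to-final rename and the archive rename keep their extensions and never count. The account named in the alert is also the one whose share access should be cut first, which is the practical point of the comment: the damage is bounded by what that one login could write to.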
I think they'd come out ahead if they nixed the testing, and used the savings to pay the ransom -- and in the intervening period actually teach the kids. As in teach, not teach to the test.
Oh look, Cryptowall/Cryptolocker hits a school/business/home/whatever.
Shoulda had AV installed. Shoulda had backups.
Surely it is the FBI who would have jurisdiction in a case such as this.
All these problems could be prevented by:
1. Running as a low-privileged user, NOT administrator with root powers. Might be tough on Windows, but so is having all your computers ransomed.
2. Backups of vital data. If you have proper backups, nuke the disks and reinstall, or restore images and backups of the files.
Windows encourages bad practices. Did you ever see a ready-built PC with all the data on a separate drive or partition? No, they make it so a re-install makes you lose all your data.
This has been happening since at least a year ago. There's nothing at all about this story that raises it to the level of "news"
Why didn't they simply restore backup images? If they are too lazy to have set up a server that automatically backs up images incrementally they need to fire the entire administrative staff and bring on thinking people that can properly prepare for disaster recovery.
Have gnu, will travel.
Businesses are being hit. Quite a few are paying the ransom. They lose more money by not being able to work than they have to pay to the asshats.
Steve Gibson talked about it a lot on the Security Now! podcast a few months ago.
Those who can't do, teach. Those who can't teach either, do tech support.
Offline backups and live images.
Infected? Shut down the network, reboot the image on the system. Restore lost data from offline backups.
Find the hole (likely some dumbass that has already been told 37,000,000 times to quit opening strange attachments- fire them with extreme prejudice), fix it, and put it all back online.
No ransom paid, minimal if any loss, and this trend dies off like it should have the day it was born.
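A restore drill for the procedure that comment and the earlier "All these problems could be prevented by" comment lay out: hash the share before taking the offline copy, detect what the infection touched, refuse to restore from a backup that no longer matches, and prove the share is clean afterwards. This is an added example, not the district's code or any product's; a temporary directory stands in for the share, a second one for the offline backup, and the documents and the scrambling key are constructed.

```python
"""Backup manifest, tamper detection, and a restore drill.

Added example; not code from the district or from any product named in the
thread. A temporary directory stands in for the file share and a second one for
the offline backup copy; the sample documents are constructed.
"""
import hashlib
import os
import shutil
import tempfile

# Constructed placeholder documents (not real district data).
SAMPLE_FILES = {
    "grades/q3.xlsx": b"student,grade\nA123,91\nA124,87\n",
    "attendance/march.csv": b"date,present\n2015-03-20,1650\n",
    "parents/contacts.docx": b"parent contact list (placeholder bytes)",
}
# Fixed, constructed key so the simulated damage is deterministic.
SCRAMBLE_KEY = b"constructed-key!"


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 at backup time."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify(root, manifest):
    """Return (changed, missing): files whose hash differs and files no longer present."""
    changed, missing = set(), set()
    for rel, digest in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full):
            missing.add(rel)
        elif sha256_file(full) != digest:
            changed.add(rel)
    return changed, missing


def simulate_encryption(root):
    """Stand-in for the damage: overwrite every file with key-dependent garbage and
    rename every other one. The real malware's format is deliberately not modelled."""
    paths = sorted(os.path.join(d, n) for d, _, names in os.walk(root) for n in names)
    for i, full in enumerate(paths):
        with open(full, "rb") as f:
            data = f.read()
        garbage = bytes(b ^ SCRAMBLE_KEY[j % len(SCRAMBLE_KEY)] for j, b in enumerate(data))
        with open(full, "wb") as f:
            f.write(garbage)
        if i % 2 == 0:
            os.rename(full, full + ".locked")


def restore(backup_root, live_root, manifest):
    """Wipe the live tree and copy the backup back, but only after the backup itself
    verifies clean against the manifest: never restore from an encrypted backup."""
    changed, missing = verify(backup_root, manifest)
    if changed or missing:
        raise RuntimeError("backup does not match manifest; refusing to restore")
    shutil.rmtree(live_root)
    shutil.copytree(backup_root, live_root)


def run_drill():
    """Full cycle: back up, get hit, detect, restore, then prove a hit backup is refused."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = os.path.join(tmp, "share"), os.path.join(tmp, "offline_backup")
        for rel, data in SAMPLE_FILES.items():
            os.makedirs(os.path.dirname(os.path.join(live, rel)), exist_ok=True)
            with open(os.path.join(live, rel), "wb") as f:
                f.write(data)
        manifest = build_manifest(live)
        shutil.copytree(live, backup)  # the offline copy, taken before the infection

        simulate_encryption(live)
        changed, missing = verify(live, manifest)
        restore(backup, live, manifest)
        clean = verify(live, manifest) == (set(), set())

        simulate_encryption(backup)  # what if the backup was reachable and got hit too?
        try:
            restore(backup, live, manifest)
            refused = False
        except RuntimeError:
            refused = True
        return {"changed": len(changed), "missing": len(missing),
                "clean_after_restore": clean, "refused_tampered_backup": refused}


if __name__ == "__main__":
    print(run_drill())
```

The manifest is the piece that is usually missing in practice: without it you can restore, but you cannot tell whether the copy you are restoring was itself written to after the infection started, which is exactly the failure the comment's "offline" qualifier is meant to prevent. Keep the manifest with the offline copy, not on the share.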
One can only wonder how difficult it was to teach high school before computers.
How did our ancestors manage?
>> a PITA but oh well that's what careless IT admin buys you
Yeah. Careless IT people.
Nothing to do with unreasonable faculty demanding those peon IT people give them wireless and remote access to everything using their iphone/pad, android and infected eight different ways home peecee without the slightest friction or impediment. Probably has nothing to do with the IT budget that gets grudgingly funded only after the quarterly pension COLA bump and the administrative bonuses are paid out, ensuring the whole system relies on a wheezing 12 year old sonicwall appliance. That couldn't have anything to do with it. It's got to be those fools in IT.
On the other hand, the IT staff probably is the direct result of a hiring policy that has actual knowledge and talent waaay down the list of qualifications after race, sex, sexuality, disability and every other imagined grievance they can dream up. That and they're almost certainly terrified of touching the slightest thing lest they interfere with the $240k/year politically connected hypercrat in district HQ that spends nine hours a day surfing porn.
School districts in places like NJ are pretty dysfunctional institutions. Pinning this kind of failure on the IT peons alone is badly naive.
Maw! Fire up the karma burner!
What if we get ransomware combined with the firmware level exploits as seen in the "Equation Group" hacks.
Shudder.
But you know that's exactly who it will be pinned on.
An earlier generation of this malware used Windows built-in crypto, I think Elcomsoft put out a tool to extract the keys back out of the repository and decrypt the files yourself. Are newer versions of the ransomware using their own keys or encryption engines?
Bitcoins are traceable. Spend another 10k and hire a meth addict hitman.
Do you have a shred of evidence that this is the case with this school, or do you spew bile because of some perceived injustice in your life?
FTFS:
But the Common Core DOES NOT mandate any particular exam or evaluation instrument of any kind. PARCC is, according to Wikipedia, "a coalition of 12 states and the District of Columbia that are working to create and deploy a standard set of K-12 assessments in math and English." PARCC is basing their assessments upon the Common Core standards, but it is PARCC that mandates the exams, not Common Core.
Common Core is, literally, just a list of skills that students should have at various grade levels. For example, sixth grade math students are supposed to be able to "Write, read, and evaluate expressions in which letters stand for numbers." That simple statement, and many like it, make up the Common Core. It has nothing to do with mandating exams.
The Common Core standards are freely available on the web, in case you would like to look at them: http://www.corestandards.org/r...
The computers are just fine; format and reinstall. The data (files, database, pdf, doc) are locked and encrypted. That's what's worth something to pay for... or not.
WRITE TO YOUR GOVERNOR! Explain the situation and how you've found a way to save thousands of taxpayer dollars, they'll be eager to hear about that.
-1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.
If you don't use our tax revenue to effectively defend us from these attacks, can you at least respond as if we have been attacked? Every company and local government in the USA is under constant attack by government-sponsored attackers or stateless gangs. Daily. Isn't this also what drones are for?
"Fortunately the Superintendent told CBS 3’s Walt Hunter the hackers, using a program called Ransomware, did not access any personal information about students, families or teachers"
:) While I do take the assurances of the Superintendent in good faith, it did occur to me to ponder why CBS 3’s Walt Hunter didn't ask the question as to how this 'program called ransomware' got onto the 'computers' in the first place?
So we can be pretty sure the 'program called ransomware' isn't a Unix/Apple or Android hack.