Ransomware attacked the Educational Service District which shut down school and county admin e-mail and internet facilities
Robert Waltenburg, Superintendent, explained that the infection happened last week and that services have now been restored. He added that they are working to harden security across the organization's departments: “While we have recovered for the most part, we are in the middle of tightening security as well as becoming more restrictive on our filtering”.
This malware is believed to be a variant of the .LOL! ransomware, which emerged last year and has apparently infected systems globally. It is thought to have arrived in a well-disguised spam e-mail; this is currently being investigated. Once the malware runs (after the recipient opens the infected e-mail), all files on that system are encrypted. For well-written ransomware there is no decryptor: a victim must either pay, lose the files, or restore from an external backup. The really bad news is that effective ransomware also reaches and encrypts any network shares it can write to, so an infection can spread through the departments of an organization at lightning speed.
Waltenburg says ESD has enforced ad-blocking on the domain, disabled the running of executables – especially from external devices – and tightened e-mail server security. There is also a publicized educational initiative to inform users about the dangers of malware and the need for external backups. He hopes this will be sufficient, though he has no illusions: “We have learned that while our network is above industry-standards with filtering, antivirus, and antimalware, we cannot prepare for every possible outcome and still have a somewhat usable network”.
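The spread described above, where one infected workstation rewrites every file it can reach on shared drives, leaves a distinctive trace in file-server audit logs: a single user/host renaming many files to the ransomware extension within seconds. The following detection logic is an added example, not code from the district or the article; the log line format, host names and threshold are constructed assumptions, and only the `.LOL!` extension comes from the report.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample audit lines (hypothetical format):
#   <ISO timestamp> <user>@<host> <action> <UNC path>
# jdoe@WS-114 renames five files in five seconds; asmith@WS-022 touches one.
SAMPLE_LOG = r"""
2015-03-02T08:01:05 jdoe@WS-114 RENAME \\fs01\shared\budget.xlsx.LOL!
2015-03-02T08:01:06 jdoe@WS-114 RENAME \\fs01\shared\minutes.docx.LOL!
2015-03-02T08:01:06 asmith@WS-022 WRITE \\fs01\shared\report.docx
2015-03-02T08:01:07 jdoe@WS-114 RENAME \\fs01\hr\roster.xlsx.LOL!
2015-03-02T08:01:08 jdoe@WS-114 RENAME \\fs01\hr\policy.pdf.LOL!
2015-03-02T08:01:09 jdoe@WS-114 RENAME \\fs01\shared\photo.jpg.LOL!
2015-03-02T08:05:00 asmith@WS-022 RENAME \\fs01\shared\old.txt.LOL!
"""


def parse_line(line):
    """Split one audit line into (timestamp, principal, action, path)."""
    ts, principal, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), principal, action, path


def find_encryption_bursts(log_text, ext=".LOL!", window_s=60, threshold=5):
    """Return {principal: time of first event in the burst} for every
    user@host that produced at least `threshold` files carrying the
    ransomware extension inside a sliding window of `window_s` seconds.
    A single stray rename stays below the threshold and is not reported."""
    recent = defaultdict(deque)   # principal -> timestamps of recent hits
    alerts = {}
    for line in log_text.strip().splitlines():
        ts, principal, _action, path = parse_line(line)
        if not path.endswith(ext):
            continue
        hits = recent[principal]
        hits.append(ts)
        # Drop events that have fallen out of the window.
        while hits and (ts - hits[0]).total_seconds() > window_s:
            hits.popleft()
        if len(hits) >= threshold and principal not in alerts:
            alerts[principal] = hits[0]
    return alerts


if __name__ == "__main__":
    for who, started in find_encryption_bursts(SAMPLE_LOG).items():
        print(f"ALERT: {who} began mass-renaming to .LOL! at {started}")
```

In practice the alert would be the trigger to disable the offending account and isolate the host from the shares, limiting how far the encryption spreads.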