Taos schools overcome ransomware attack on computers

By Jesse Moya jmoya@taosnews.com
Posted 3/28/19

Taos Municipal Schools have been working to resolve a ransomware attack that knocked out access to district digital services.

You have exceeded your story limit for this 30-day period.

Please log in to continue

Log in

Taos schools overcome ransomware attack on computers


Taos Municipal Schools have been working to resolve a ransomware attack that knocked out access to district digital services.

On Feb. 28, Taos schools suffered a cyber attack with the hacker demanding $5,000 for the return of the control over their digital services. Emails, class instruction and the district website were disabled as part of the attack, which has been mostly resolved, according to school officials.

"That was scary," said Superintendent Lillian Torrez. "We thought it was a virus, the way it came in."

Torrez said the attack began when someone in the district opened a predatory email. The software encoded itself in the district's system and was able to shut down access to nearly every aspect of the digital realm including class instructions, grades, email and the main site.

"Our IT department has been working 20-hour days to recreate our websites," said Taos Superintendent Lillian Torrez.

According to Torrez, the attackers demanded $5,000 for the return of the system control. No money was paid and staff have said they eliminated the threat.

The district is currently working with forensics teams as well as the FBI to find the ones responsible for the attack.

While the attack itself caused an initial safety concern, Torrez was immediately worried about the future issues with security. After meeting with forensics and IT teams, Torrez said no personal information has been leaked.

"There is no evidence of any information being compromised," she said.

Ransomware works like a virus, spreading through a server system until fully encrypted in the software. Once there, the program shuts down the use of a specific aspect of the server, such as access to emails, until a demand is met. This type of programming started in the late 1980s and has evolved into much more sophisticated malicious programming.

"It can get onto a network in the same ways that all other malware gets on a network," said Cooper Quintin, senior staff technologist at Electronic Frontier Foundation. "It can be downloaded from the internet accidentally, sent in a malicious email, put on the network purposefully by a malicious person, and a million other ways."

According to Quintin, the goal of ransomware is to make the user money by disabling the system of the victim and that information is not usually sent back to the attacker from the victim.

"The real danger here that important data could be lost forever or a mission critical network could be taken down," he said.

Getting rid of a ransomware attack requires sifting through a server to try and find where the attack is encrypted. An easy, but costly, solution is to wipe the system and start from scratch. In that scenario, Quintin recommends that people back up to the best of their abilities. Preventing a ransomware attack requires internet safety and savvy. Don't open email or links that seem unwarranted, and if ransomware does infect a system, Quintin recommends never paying the ransom, as it encourages others to continue their attacks.

"We are working diligently to restore full functionality to all systems and to investigate this incident as quickly as we possibly can," Torrez said in a release. "At this time, however, we cannot provide a precise timetable for the conclusion of those efforts."


Private mode detected!

In order to read our site, please exit private/incognito mode or log in to continue.