Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Massachusetts School District Pays $10K to Ransomware Attackers

    "A school district located in Massachusetts paid attackers $10,000 after they infected its computer network with crypto-ransomware. 

    Officials at Leominster Public Schools decided to meet the demand after the district suffered a ransomware attack on 14 April.

    It’s unclear what types of files the malware encrypted. According to CBS Boston, the stain prevented employees from accessing parts of the school’s network. It also brought down the district’s email system, thereby forcing employees to communicate with one another via their personal Gmail accounts.

    Leominster Schools Superintendent Paula Deacon said in a statement that she and other officials were waiting “to be fully restored.” As quoted by CBS News:

    The Leominster Public Schools were the victim of a Ransomware cyber attack on Saturday, April 14, 2018. A lock was placed on our system until a negotiated ransom was agreed upon. We paid through a bitcoin system and are now awaiting to be fully restored.

    IT personnel were still working to recover the district’s affected systems on 30 April, reported The Boston Globe. Deacon did not provide additional comments about the progress of the recovery efforts. But she did thank everyone for their patience.

    Leominster Public Schools isn’t the first district to suffer a ransomware attack. In mid-September 2017, bad actors demanded that the San Ysidro School District, a public school district located in San Diego County, California, pay $19,000 to receive a decryption key following a ransomware infection. Two years before that, malefactors encrypted the Swedesboro-Woolwich School District’s systems with ransomware and demanded a ransom of 500 Bitcoins, which was initially worth $129,000 at the time.

    Clearly, ransomware actors have a history of targeting schools. Educational institutions should internalize this record of attacks by taking steps to prevent a crypto-malware infection on their systems. They should do so by patching their workstations’ operating systems and possibly setting up additional firewall protections. Organizations in the education sector should also make sure to back up their most important files on a regular basis."

    We could not agree more. And step all employees through new-school security awareness training to prevent attacks like this, because most of them are caused by employees falling for social engineering tactics like  phishing.

    Source: TripWire

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews