A Particularly Good Tale of Ransomware
As the founder of a cyber security awareness company, it may seem a little odd how much I enjoyed “Lumberhacked!”–one journal’s report of a malware infection that affected the Cloquet School District in Minnesota. Before you judge me, let me explain.
When it comes to reporting cyber attacks, many news sources will simply relay the cold, hard facts. For those who care about the subject, this may be preferable as it is the quickest way to get information. However, for those who aren’t interested in cyber threats (and thus won’t take steps to learn how they can protect themselves), we need content that is more engaging.
That’s why I enjoyed the Pine Journal’s report. Rather than just giving the facts, it molded the report into an interesting story, capturing reactions from the tech coordinator, superintendent, and one school’s principal (a Mr. Tom Brenner). Brenner said that he knew something was wrong because whenever he tried to work on his computer, he was flooded with pop-ups and error messages indicating that connections had failed. This was just the tip of the iceberg.
When the attackers struck, ransomware spread throughout the school district’s infrastructure, affecting servers, workstations, and even more minor things like the lunchroom payment system and HVAC monitoring. The failed connections that were experienced by users was due to encryption. This is because when ransomware encrypts files, it also locks up resources used by applications (e.g. if your database files are encrypted, your application won’t have any data with which to operate, resulting in error messages).
The Cloquet School District’s encounter with ransomware was particularly brutal. The story in the Pine Journal mentioned that it was a strain of CryptoLocker which requires a significant amount of time to recover from. School even had to be canceled at one point in order to triage the situation. All of these problems are thought to have begun with a simple (but malicious) e-mail that had been opened prior to spring break.
Most people don’t realize just how easy it is to become the victim of a malware attack, nor the lengths one may have to go to recover. The tech coordinator responsible for leading the cleanup of Cloquet’s mess decided to take servers and workstations back to a baseline, wiping them clean and restoring whatever files could be salvaged. This is the norm for recovering from ransomware, and when you have to do it to almost 600 computers, it’s tedious and time-consuming. IT reinforcements from neighboring districts were even called in to help reimage computers. Even worse, teachers had to adapt to instructing their students without the use of important tech devices–a subject we discussed in an earlier post (Conversations with Teachers).
As educators, how we talk about malware is extremely important. We must do our best to help users understand the dangers associated with cyber attacks, including how they can affect individuals across an organization. That’s why stories like these are important. They can be very effective in showing just how serious ransomware malware can be. If you’re looking to raise awareness about this issue, I highly recommend the story of Cloquet Public Schools, MN.