Judson ISD said it paid for access to its files but would not specify how much it cost, the San Antonio Express-News reports.
The cyberattack took place on June 17, cutting off access to email, phones, and computers. Between that time and the payment last week, the district lacked access to basic communications.
Judson ISD worked around the attack by setting up new emails and using Wi-Fi hotspots. It also hired BlueVoyant, a cybersecurity company, to navigate a response to the attack.
Eventually, the looming start to the school year in August may have forced the school board to the table. The board’s public meeting agenda shows that members discussed settlement of the ransom during the closed session.
Authorities advise ransomware victims against payment.
“The [Federal Bureau of Investigation (FBI)] does not encourage paying a ransom to criminal actors,” the FBI wrote in a fact sheet on ransomware.
According to FBI data, ransomware attacks rank low among the most commonly reported cybercrimes. Phishing scams, romance and confidence schemes, and investment fraud are much more common.
Nonetheless, state data shows that ransomware attacks have taken a significant bite out of local finances. The Texas Department of Information Resources (DIR) estimated that school districts lost nearly $2 million to ransomware attacks in 2019, ranking below cities, which lost an estimated $2.3 million, and counties, which lost an estimated $3.2 million.
Since agencies and school districts must report cybersecurity breaches but not ransomware attacks specifically, the DIR has collected no specific data on ransomware trends in Texas government. However, Texas school districts since 2019 have paid hackers ransoms in single attacks that, in some cases, rival the DIR’s 2019 annual total. Manor ISD paid $2.3 million in a scam in 2020.
DIR’s Statewide Cyber Resilience and Response Manager Jonathan King said the easiest way for agencies to refuse to pay a ransom is to prepare backup data.
“An organization can look to see if they do have data backups and restore from backups. And if they don’t have backups, they can rebuild their system manually and hope to rebuild stronger,” King said.
“There’s a concept of having inline backups that are really quick to restore… But because they’re inline, they can be encrypted by the threat agents. Having offline — weekly, daily, whatever is appropriate — backups that are not connected to the network is how many ransomware victims recover.”
Without backups, King explained, agencies typically have no choice but to pay the ransom or rebuild the system from scratch.
“Sometimes organizations don’t have [backups]. And if they don’t, then they have to rebuild manually. And that may constitute scanning paper files, manual data entry, or rebuilding the context of the files that were encrypted,” King said.
An effort to require agencies to report ransomware attacks slipped under the rug during the regular legislative session.