Ransomware attack shuts down some Michigan schools
A Michigan school district is the latest entity to fall prey to "ransomware," with hackers seizing control of its computer system and demanding $10,000 in bitcoin to release it.
District officials at Richmond Community Schools said their servers were attacked by ransomware during the holiday break and that the virus affected telephones, copiers and classroom technology. The district has closed three schools for the week so employees can resolve the problem, which officials believe will be "a very time-consuming process." Student and staff information wasn't compromised, the district said.
Richmond Community Schools Superintendent Brian Walmsley said officials won't pay the ransom. "There's no guarantee we'll get [the server files] back," he said. "And we don't know if that's $10,000 for each file or each server that they've taken."
The district is working to migrate critical data to backup servers, Walmsley said, adding that school should resume as normal on Monday.
Ransomware schemes have proliferated in the U.S. and around the world, with cybercriminals targeting health care providers, universities, government agencies and many other organizations. Last month, four U.S. cities were attacked, including two in Florida. One incident, in Pensacola, targeted the city's sanitation department and rendered a local energy company inoperable. A week later, an attack affected servers in New Orleans and caused a state of emergency.
Held hostage
Nor is Richmond, which is about an hour north of Detroit and which has roughly 1,400 students and a $15 million budget, the first school system to be held hostage. The Las Cruces, New Mexico, school district was attacked in October, while three New York school districts were hit last year.
In all, ransomware hackers hit 113 state and local government agencies, 764 health care providers and 89 colleges last year, according to a report from Emsisoft, a firm that monitors ransomware attacks.
"The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020," Fabian Wosar, Emsisoft's chief technology officer, said in the report.
In a typical ransomware attack, cyberthieves gain control of servers used by companies or government agencies to store key data. The hackers then demand payment in return for unlocking the computers, sometimes threatening to delete data if payment isn't made.
In November, hackers hijacked data from more than 100 nursing homes across the nation and demanded $14 million. Not paying the ransom meant the nursing homes couldn't access patient records, use the internet, pay employees or order medications.
"I'm aware of one ransomware variant that affected all 50 states that had some $30 million in losses, and over $6 million in ransom payments. I would tell you that the losses are very significant, and easily approach a hundred million dollars or more just in the United States," Mike Christman, section chief for the FBI's cyber division, told CBS 60 Minutes last year. "Everyone should expect to be attacked."
