Ransomware removal experts found a familiar name battling a ransomware attack. The attack’s victim under discussion is The Cloquet school district. Earlier, in March 2016, the school had to shut down its operations for a day which brought academic activities to a halt. The IT staff had to then put effort into the ransomware removal and recovery process.
This time the attack did not halt academic activities as it occurred during the summer vacations. Thus, the estimated damage is lower than before. The school’s technology director, Mr. T.J Smith, offered some insights about the attack while talking with ransomware removal reporters.
According to Mr. Smith, the ransomware operated in a manner similar to other malware of such types and was successful in the encryption of files that were stored in almost all the servers. He also informed that the breach took place in the shared drives. However, one server is reported to have been saved from the attack. Interestingly, Mr. Smith statement shed light on the fact that there has been no sign indicating a data theft so far. Hence, the only issue that the school is dealing with is access to the locked files.
Mr. Smith presented two courses of actions to the school board and management, in case they wanted to avoid paying the ransomware owners. Firstly, they could try to engage with the attackers for the recovery of their data. The second solution involved implementing strategies that could help the school in recreating the encrypted data while also attempting to revitalize the damaged servers. However, he also warned that inaction could lead to the worst case scenario i.e. the school loses the data while suffering other losses like those of money and time.
In the end, the board unanimously selected the second solution after deliberating on the options. There are also talks about acquiring services from a forensic company for a detailed analysis of the ransomware removal and infection processes.
