Ransomware attacks continue to affect organizational networks regardless of their size. In addition, enterprises that work in public domain have become the favorite target of ransomware operators. In a recent such ransomware attack, a school district’s digital network in Oregon has been compromised. Roseburg Public Schools’ computers were targeted by a ransomware attack over the weekend.
The administration found out about the attack on Monday morning when they can’t open emails, web browser or any service application on their computers. It is important to note that over 7,000 students are enrolled in Roseburg Public District from the communities of Winchester and Roseburg.
This means a huge amount of public data might have been compromised in the attack. However, the District’s superintendent Gerry Washburn was quick to clarify that their initial investigations didn’t suggest any data theft.
Nevertheless, the school’s administration should be commended for the immediate commencement of ransomware removal activities. Meanwhile, law enforcement agencies also started to probe the attack. As per the facts on the ground, it seems like the cryptovirological operators have used a complex ransomware strain to lock down the district’s computers. There are multiple reasons why we have come to this inference.
- It’s been four days since the attack happened, but the school administration is saying that they are still dealing with the ransomware removal.
- The security experts responsible for ransomware removal haven’t disclosed the nature of the cryptographic script used by the attackers.
- The administrations haven’t revealed the amount of money demanded by the attackers for providing the decryption key, which means some background negotiations might be in progress.
- The ransomware has infiltrated so deeply that it has also affected the district’s backup files.
- The school had to ask for the help of the Multi-State Information and Analysis Center (MS-ISAC) to restore their critical software applications.
As of now, the ransomware removal activities have succeeded in restoring the operations of bill-payment and payroll software. On the other hand, the district with MS-ISAC’s assistance is trying to decrypt the locked down server files. The district is also planning to review their digital security measure to mitigate similar attacks in future.
