New Zealand school on naughty step after ransomware failure

A Kiwi high school has learned the “don't click on the link” lesson the hard way, with a ransomware attack locking down its student's course work. The Hāwera High School is being asked for US$5,000 to unlock the ransomed files. According to New Zealand's Taranaki Daily News, the attack didn't affect staff or student records, …

  1. Anonymous Coward

    Paid-for AV - Internet / Network-Filtering

    The linked article seemed to hint at offering this but it also was about blocking students circumventing filters using VPNs etc. So what's the real goal... I'm not sure... But I wish politicians instead of pushing for adult filters would push for net-blocking 'features' like this instead.

    Not everyone needs it... But for my folks it might be a good plan. Assuming it works. Going by the fact that AV didn't save the people below, maybe it just doesn't work... Top AV firms including Symantec admit their solutions only work part of the time. It's mopping up after they're selling.

    https://www.bbc.co.uk/news/technology-45032132

  2. Sorry that handle is already taken. Silver badge
    Headmaster

    "with a ransomware attack locking down its student's course work."

    That's not so bad. It could have locked down more than just one student's course work.

    (Unless there's only one student of course)

  3. Giovani Tapini Silver badge

    Surely...

    It can encrypt files stored on the cloud just as easily as files on local servers? What sort of magic prevents the attack extending to the cloud hosted file systems?

    1. RobinCM

      Re: Surely...

      Cloud storage (for users) tends not to use things like mapped drives, plus it tends to have file history features so even if your local files are encrypted and synced to the cloud, you can go back to a previous version.

      No doubt somebody is working on a way to get around this though, but it'll be different for each cloud provider, assuming they have an API for accessing the type of features needed. Crypto malware has been trying to destroy local file history for years if it has sufficient privileges (i.e. user is logged on with an administrator account).

  4. herman Silver badge

    This kind of shit is stopped by SELinux and AppArmor. Windows also has mandatory access control, but it is (obviously) not implemented correctly.

    1. RobinCM

      Windows has AppLocker (or Software Restriction Policies) but in my experience, few places bother turning it on.

      Application whitelisting is just sensible, isn't it? Who wants any random code that they've not approved to run on their system?

      I suspect it's not more widely used because of either ignorance (of its existence, or how to configure it properly) or laziness. Or because people think it's not necessary because how could they possibly be let down by all the extra security tech they spent £££££ on? "I don't need to close my doors and windows when I go out because I've got a burglar alarm"

      1. CrazyOldCatMan Silver badge

        Application whitelisting is just sensible, isn't it? Who wants any random code that they've not approved to run on their system?

        Senior managers who want to run $LATEST_BUZZWORD

  5. Gene Cash Silver badge
    Go

    On the good side...

    The students have learned to make offsite backups!

  6. andy gibson

    "the school has disconnected its network while it works out what to do."

    Restore from last night's backup?

    1. ghp

      Last night's backup was taken after the encryption, overwriting the previous backup. First thing people do when something bad happens in IT: take a backup.

    2. Tashritu

      Old School

      Can I plead for 4 daily tapes (removable physically disconnected storage), three weekly tapes, 12 monthly ones and one out of cycle for months with 5 Fridays! If maintained properly that is as good as it gets!

      1. J. Cook Silver badge

        Re: Old School

        You can, but you'll be viewed as an old fuddy-duddy for clinging onto tape like that. (Bog knows I've been called that and worse!)

        Depending on the backing storage, how it's configured, and a few other variables, shadow copies can offer some measure of fast recovery, at least on a NetApp (snapshots are read-only by design), and if caught before they are purged off the filer ([RedactedCo] had theirs configured for three times daily, for seven days, 5 weekly, with monthly backups to tape).

        I have no idea if a Windows server can prevent ransomware from messing with shadow copies if a client is infected but not the server itself, and frankly I'm leery of testing it even inside a fully isolated sandbox.

  7. JCitizen
    Childcatcher

    They could have used CryptoPrevent...

    It is probably a LOT cheaper than hiring Fortinet! I've tested it against ransomware on my honeypot, and so far no success to the crooks.

  8. Anonymous Coward

    NZ school IT budgetless.

    Not so long ago (<12 mths) I was tasked to an NZ school. The MSP I worked for had a couple of schools on their books.

    It really is a mess ... backups were to a 3.5" USB drive plugged into the single hyper-v host. Backups were using the server 2012 backup agent, and really only protecting against a disk failure on the host.

    Hardware was over-provisioned and barely fit for purpose. There was just no money for it. They couldn't afford an internal IT person and the budget barely bought half a day a week from my ever-greedy employer.

    If we had a support call outside of the allocated visit, there was no longer enough time on the SLA to perform the next week's onsite visit, which was mostly re-imaging hardware and fixing problems with the classroom equipment, so all that queued up for the next onsite. I really tried to get as much as possible done on site, one day we managed to re-image 30 laptops in a 4 hour visit, albeit using my personal equipment I brought from home.

    It's a sorry state, but no one ever worries about whether their front door is locked while they're drowning.

    My employer was always trying to sell them more hours, trying to get some extras and overages and sell them projects etc, but it was more about him wanting a new car than anything else.

  9. Frank Bitterlich
    Thumb Up

    Backup 101

    "The worst hit, she said, will be students in [photography and] some technology subjects, who were more likely to be storing their work locally."

    And this, dear students, concludes our course on "Why backing up your stuff is important." I hope you all learned something. There will be NO pop quiz on this subject, as the pop quiz database has been encrypted by the ransomware, too.
