Ransomware holds schools hostage: 'Now give us Bitcoin worth $129k, er, $124k, wait ...'

A New Jersey school district in the US has been held hostage by ransomware that has apparently demanded hundreds of Bitcoins to end the situation. Teachers, staff and kids in Swedesboro-Woolwich school district have been unable to access their computer files in classrooms as a result of a network-wide security compromise, The …

  1. Ole Juul

    Good for them

    From the Swedesboro-Woolwich School District technology page:

    "Encrypted files were restored from backup to their original state. Servers were restored to remove any trace of the malware. Email and other systems are being restored as quickly as possible."

    It looks like their IT may actually be well managed. So I guess they don't need to pay the ransom.

    1. Loud Speaker

      Re: Good for them

      And the kids get to learn the importance of not installing malware! Probably the most valuable lesson they will get this year (depending on the value of bitcoins, of course)!

      1. Graham Marsden
        Trollface

        @Loud Speaker - Re: Good for them

        > And the kids get to learn the importance of installing malware just before the exams, giving them more time to party revise.

        FTFY!

      2. Anonymous Coward

        @Loud Speaker - Re: Good for them

        Nah, kids can't be bothered to learn this stuff!

    2. Anonymous Coward

      Re: Good for them

      I agree, well done to their IT dept. Teachers/the School owe them several pints once this mess is cleaned up. While you can never be fully secure, it seems they have taken every preventative measure possible and despite a near-complete "failure", have managed (or are managing) to recover.

      That is purely down to good planning and implementation of their DR procedures. This is not common in academic IT below University level.

    3. Lamont Cranston
      Thumb Up

      Re: Good for them

      Thumbs up to this.

    4. Tom 13

      Re: Good for them

      Yes and no.

      Yes, it's good that unlike so many other durn fools out there they have backups.

      But it still sounds like they had some serious holes in their security since the malware was able to take down the whole network, including the cash registers. I'd also want thorough forensics to prove no personally identifiable information was exfiltrated from the network.

  2. Peshman

    Another nail in the BC coffin?

    Forensically trace the hashes when they're cashed in or dropped into the destination wallet and wait for the info to be gathered from TOR exit node.

    1. Jimmy2Cows Silver badge
      FAIL

      Re: Another nail in the BC coffin?

      Why bother? They aren't paying the ransom so there'd be nothing to trace. Are you suggesting they should pay up regardless, even though they've cleaned and recovered their systems?

      1. Peshman

        Re: Another nail in the BC coffin?

        Not at all. Just saying that it'd be the most stupid ransom method ever. BC isn't the same as unmarked small bills. You can't just hand 'em over to just anyone to launder and spend 'em in your local supermarket/mini-mart/pub. Forensic accountants are pretty good at following the physical assets, as and when, either cash is used or BC wallet transfer in exchange for tangible goods.

      2. Tom 13

        Re: Another nail in the BC coffin?

        Meh. Call in the appropriate agency and use some of the coin they seized from something like seizing Silk Road. Then trace the perps. Whether they intentionally targeted a school or not, send in the black helicopters after the perps have been found.

  3. This post has been deleted by its author

    1. Horridbloke

      "It's seriously good to hear about a non-IT organisation who have actually got the hang of reassuring press statements."

      FTFY

  4. Joe Drunk

    The attack is said to have started on Saturday morning.

    Given the reported size of the ransom, though, it's possible the district was specifically targeted by crooks.

    Inside job or someone with knowledge/access of the school's computers. Disgruntled ex-employee?

  5. Cuddles

    1981?

    I finished school in 2001 and we didn't have any meaningful computer use, and certainly no internet. You really don't need to go back to before I was born to find people using pen and paper.

    1. Tom 13

      Re: 1981?

      I graduated a fair bit earlier than you did. Our high school got TRS-80s the year I graduated. A fair bit of the record keeping was already computerized at the administrative office, although teachers were still submitting grades with paper and pen at the time. As 2001 was more than a decade later, I expect they were fully computerized by then.

    2. Gis Bun

      Re: 1981?

      First [real] computer I used was in 1981 [8086 CPU]. First time I used one in school was a year later.

    3. Queasy Rider

      Re: 1981?

      I graduated high school in 1970. Although my school had no computers, my neighbor's school used computers for classroom scheduling, (and lessons as well, of course.) I imagine, by 1981, computers had wormed their way deep into the education system there.

      1. fearnothing

        Re: 1981?

        I finished A-levels in 2002, in a school that was designated a "Technology College". Although there was a computer network (some of it even on Windows XP!) you still needed to get permission if you wanted to use a computer outside of designated class time.

        Class time that involved computers consisted almost entirely of learning to use Excel. Oh, and the art department had just had a £1m investment whereas the technology dept got... nothing as far as I could tell.

        Some technology college, eh?

  6. TakeTheSkyRoad

    More anti-bitcoin bias

    Getting very disappointed now with what is increasingly looking like a strong negative bias here.

    Where is the coverage for Bitcoin & crypto currencies being covered in the last Budget ? This was last week now and I would have thought that £10m in research funding and positive regulation in the next parliament would be news. The BBC certainly thought so : http://www.bbc.co.uk/news/technology-31944054

    As a heads-up Neteller started to accept bitcoin for deposits today (formal announcement expected tomorrow). Bitcoin deposits are free and an account can be denominated in one of many currencies so I think there is a good angle here with the tech shaking up the travel currency market. See here : http://www.coindesk.com/neteller-bitcoin-deposit-policy-reversal/

    What happened to praising innovation ?

    Yes this technology is being used by some "bad actors" but there's a bigger picture here than the small % of criminal uses.

    I've been reading the Reg for a long time and frankly if this wasn't for the bitcoin angle this would be a story simply about a school not being able to employ proper virus protection and checking email attachments. Feels like I'm the sole geek in the school yard here who can see a great idea but is being shouted down by the jokers/bullies just out for attention.

    1. Peshman

      Re: More anti-bitcoin bias

      Eh?

      Nobody, at least not I, has/have said that BC is a bad concept. As innovations go it's been a marvel of anti-establishment rhetoric. That's the problem though, as a currency it's far too volatile to use for everyday FX transfers and as an investment currency it's a non starter.

      How do you know how much it'll be worth next week/month/year? It's not pegged to any other currency to prop up its value. You wouldn't just buy some to invest in it and hold some in a wallet like you would with pounds or euro in a bank account? The only issue that has been mentioned is that it would be traceable in the long run if someone paid you with them and you tried to spend/transfer them.

      1. TakeTheSkyRoad

        Re: More anti-bitcoin bias

        No need to take this personally, I wasn't referencing your comment at all and I'm simply saying that overall bitcoin coverage seems to be biased with the focus on any negative news usage. Just go to the search bar and check for "bitcoin" and you'll see mainly references to ransomware, the dark web (eg silkroad) and services that have been hacked or shut down.

        In fact of the 22 articles this year 6 are devoted to or reference the silkroad site and yes I understand the trial was last month but that's over a quarter of the coverage and there's more going on out there than scandalous headline makers.

        Yes the price is volatile but that only matters if you are buying and holding with a view to making some money. There is more to bitcoin than the price and investment.

        Regarding its usage for foreign exchange transfers I don't see the volatility as an issue. In this case the period of time that you would be holding bitcoin would be say an hour or so and large fluctuations within that time range have happened but they are rare. Increased usage would increase the volume which would decrease the volatility so in a year or three I would expect a more stable price.

  7. Anonymous Coward

    Wait a few weeks?

    I'd like the loathsome casual of a hack that wrote this trash to look at the BTC charts for the last few months.

    I think you'll find the value is up and down like a tart's drawers rather than in a linear decline.

    Why do people want to bash BTC so hard?

    Traditional cash can be used to buy illicit items and is a lot more anonymous than BTC is. Is that a "nail in the coffin" for traditional cash?

    I don't care either way, I have no vested interest in bitcoin, I just find the closed-mindedness bewildering.

    If the geek is to inherit the Earth we need to fix current shitty paradigms with our engineering skills. Bitcoin is a step in that direction.

    1. Anonymous Coward

      Re: Wait a few weeks?

      The geek is not to inherit the Earth, only to slurp some private information from each and any of us or to induce you to click on some lousy advert.

      I don't want a currency if any malevolent sysadmin can steal it with total impunity or if dishonest software developers can make your PC mine for them. The fact it is an innovation does not necessarily mean it is for the public good.

      1. Anonymous Coward

        Re: Wait a few weeks?

        Who said it was for the public good? Nobody knows what it is yet. It's still finding its feet. Most fiat traders wouldn't entertain the idea of analysing it properly until there is 10 years of history to use. When bitcoin hits 10 years old we'll see interesting things happen.

        Personally I see it as a kind of real estate, as time goes on less become available and their value goes up. It's so much like real estate that trust funds, pension funds and the like are secretly investing in it. Bitcoin is a very cheap low maintenance investment for potentially high return. If it succeeds you're quids in. Pound for pound you're more likely to win with bitcoin in the long term than buying a lottery ticket each week. Plenty of tools do that. The returns on bitcoin over the medium term are far greater than any savings account. If you'd invested 2 years ago you'd have doubled your money by now even if you missed the peaks.

        As it stands there has been so much investment in bitcoin that it's hard to see it really fail. As long as it has a value it has a function.

        I personally think it has a lot of merits and as a geek I'm all for it.

        Just like cash you need to be careful who you hand your coins to...your bitcoins can only be stolen if YOU don't take measures to protect them.

  8. Mayhem

    One of our customers was hit with this last week

    I'd expect the initial ransom was $500 in bitcoin - that is the standard message displayed by Cryptowall 3.0 which is a right bastard of a product.

    Our antivirus caught it on the PC, so it only screwed the initial user's profile, but it does a basic network traversal using mapped drives, so completely bollixed the NAS shares which the user had full access to. Since it took them a couple of days to alert us that the infection had taken place, the weekly syncs had taken place and overwritten their secondary NAS as well.

    (Edit: They only pay for ad hoc assistance, not for realtime monitoring. We set up protection against hardware failure, not across-the-board data corruption. Surprisingly the XP machines running NAV were left alone, only the w7 machines were targeted across the network)

    Our customer only had a backup on USB from December, but were happy to work from that as most of their work is online.

    However be aware - it will traverse mapped network drives, and that includes synced cloud folders like dropbox. Not every cloud provider supports versioning, especially for SMB users.

    The ONLY safe mechanism against this attack is an offline copy of the data, which for small shops I would suggest at least every 3 months. And since they use commercial exploit kits to deliver the payload, it is very hard to completely defend against, even with IT knowledge.

    It's a real change in risk profile, from accidental damage or hardware failure to deliberate trashing of the data. It's almost like the early DOS viruses again, which were designed to paralyse what was infected instead of spreading.
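Added example, not part of the original comment: a pre-sync guard for the failure described above, where a scheduled sync copied encrypted files over the secondary NAS. It compares the share against the snapshot taken at the last good sync and holds the sync if too many files changed or a file turned into random-looking data; the function names, the 30% and 7.5 bits/byte thresholds, and the sample files are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root):
    """Map each relative path under root to (sha256, entropy of first 64 KiB)."""
    snap = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            snap[str(path.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return snap

def sync_is_safe(baseline, current, max_changed=0.30, high_entropy=7.5):
    """Return (ok, reason). Thresholds are assumptions; tune them per site."""
    if not baseline:
        return True, "no baseline yet"
    # A file that vanished (for example, renamed with a new extension) counts as changed.
    changed = [p for p in baseline
               if p not in current or current[p][0] != baseline[p][0]]
    scrambled = [p for p in changed if p in current
                 and baseline[p][1] < high_entropy <= current[p][1]]
    if len(changed) / len(baseline) > max_changed:
        return False, f"{len(changed)}/{len(baseline)} baseline files changed"
    if scrambled:
        return False, f"{len(scrambled)} file(s) became high-entropy"
    return True, "ok"

def demo():
    """Constructed sample: ten text files, one normal edit, then eight overwritten."""
    with tempfile.TemporaryDirectory() as share:
        for i in range(10):
            Path(share, f"doc{i}.txt").write_text(f"quarterly notes {i}\n" * 200)
        baseline = snapshot(share)
        Path(share, "doc0.txt").write_text("quarterly notes 0\n" * 200 + "one edit\n")
        normal = sync_is_safe(baseline, snapshot(share))
        for i in range(2, 10):
            Path(share, f"doc{i}.txt").write_bytes(os.urandom(4096))
        hit = sync_is_safe(baseline, snapshot(share))
    return normal, hit
```

A held sync only preserves the last good copy on the secondary; it does not replace the offline copy the comment recommends.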

    1. TakeTheSkyRoad

      Re: One of our customers was hit with this last week

      Of the two articles linked the second one mentions $500 rather than 500 bitcoin so you could be right there.

      http://www.nj.com/gloucester-county/index.ssf/2015/03/nj_school_districts_network_held_hostage_for_500_i.html

  9. Crazy Operations Guy

    Demanding money from a public school?

    Haha, they've been foiled; the school has no money.

  10. Gis Bun

    Bitcoin is popular with the ransomware scums. But if the exchange continues to decline, they will ask for more.

    Many ransomware variants give you 72 or maybe 96 hours to pay up or the data is never recovered.

    As well, I would not trust any system that was infected with malware [let alone ransomware] even if it got a clean bill of health. Once you are infected, that's it.

    Remember when SP3 for Win XP came out? Many couldn't upgrade and they were cursing Microsoft for it. But people found out that a piece of malware was still lingering in their system even though malware scanners said the system was clean.

  11. Spaceman Spiff

    This is why

    This is why running Windows in public systems such as schools, government agencies, etc. is a totally stupid idea! Most such systems allow the primary user Admin privileges. This is not the case with Linux/Unix systems (though giving a user sudo privileges with NOPASSWD option will provide similar access), without specifically allowing such access. Look at all of the cities in Europe that are migrating totally to Linux. Safer. More difficult to penetrate (stupid applications notwithstanding). Linux with SELinux extensions enabled makes it even more difficult to pwn systems like this.

  12. Anonymous Coward

    500 BTC vs $500 in BTC

    The malware demanded 500 Bitcoins, Van Zoeren said, a ransom that becomes a better deal for the schools with each passing day, due to the sliding BTC-USD conversion rate. We assume 500 BTC is correct, and the superintendent didn't mean $500 in Bitcoin.

    can we get some confirmation of this? it seems to me that a misquote would make more sense than a targeted attack with a $100k+ price tag (iirc the cryptolocker variants typically demanded $300-$700 in btc).
