Bigfork School District will not submit to ransom demands after the district’s computer network was compromised over the weekend by ransomware.
Information technology staff have been working to recover computer files and remove the malicious software, which encrypted and locked files from being opened. It’s often the case that ransomware is not detected until files have been locked.
“The ransomware virus was scheduled to open on a specific date and effectively locked out access to many district files including finance, personnel and student records,” Bigfork Superintendent Matt Jensen stated in a letter to staff sent out Tuesday.
The ransomware was allegedly sent through an email attachment.
A letter sent to parents additionally noted that with computer systems down, teachers are temporarily unable to update grades.
“We anticipate the system being fully functional by the end of the trimester grading period next week. Therefore, grading will not be impacted,” Jensen stated in the letter.
In a phone interview Tuesday, Jensen said student information affected was contained to grades and directory-type information. Staff Social Security numbers, however, were affected and as a precautionary measure personnel have been given the option to sign up for free identity protection services.
“There is no evidence this group that sent a virus will do anything with the data. There’s not any evidence data was stolen from the network or moved,” Jensen said after the virus was analyzed.
As its namesake suggests, the aim of ransomware is financial gain. A ransom is demanded from the victim in order to decrypt and unlock files other data. It is not guaranteed that user access will be restored, which is why the FBI Cyber Division does not support victim’s paying ransom.
“We weren’t interested in making contact,” Jensen said.
Jensen anticipated affected files and data will be recovered from backup servers that weren’t affected in a few days and “steps taken to avoid further disruption.”
“You can imagine the steps we jump through to make sure we’re protected,” Jensen said.
Jensen said the district has reported the incident to law enforcement.
“On our end, we’re making sure we didn’t lose data and we’re remedying the situation,” Jensen said.
Flathead County Sheriff Chuck Curry said tracing suspects involved in cyber crime such as ransomware is difficult at the local level because suspects may be located anywhere in the world.
Questions or concerns may be directed to Jensen at 406-837-7400.
Hilary Matheson is a reporter for The Daily Inter Lake. She may be reached at 758-4431 or firstname.lastname@example.org.