Athens ISD recovers main files; no ransom paid

There won’t be a ransom after all.
Athens ISD announced today its IT department has restored the district’s most important files from a redundant backup.
Wednesday afternoon, the school district announced it had been a victim of ransomware with nearly all of its data encrypted. The hacker demanded $50,000 for a decryption key. During an emergency meeting Wednesday, the school board voted to pay the ransom and move school back one week because of the consequences of having to rebuild the data from scratch.
But while the district negotiated with the hacker -- lowering the proposed ransom to $25,000 in the process -- the IT department continued to work. Thursday night, the work paid off.
“Though the payment was approved, we never stopped trying to find a solution,” said AISD Superintendent Dr. Janie Sims. “The board deserves credit for recognizing how dire the loss of data would have been to our district, requiring months to rebuild, delaying the school year significantly, and ultimately costing us much more than the ransom amount.”
School district officials say there is still work that needs to be done, but they now expect school to start on Monday, Aug. 10.
Below is from the AISD announcement.
On Tuesday morning, the tech team at Athens ISD became aware the district had fallen victim to a ransomware attack, which encrypted many years’ worth of vital data stored on school district servers. On Wednesday, the AISD Board of Trustees authorized payment of up to $50,000 to cybercriminals in return for a crypto key to unlock the data. At the same time, the district’s IT department, aided by regional and federal cyber response teams, executed a careful and meticulous response protocol with the hope that one of the backup systems might yet hold uninfected data. On Thursday, the second backup server was analyzed, and there it was: an uninfected Skyward backup only a few days old.
“It felt incredible,” reports AISD Technology Director Tony Brooks, who has worked nearly round the clock since discovering the attack. “The Skyward database is the most important one we have.”
Skyward went back online Friday afternoon, making it possible for student registration to continue in preparation for a virtual return to school. At this time, the new Aug. 10 start date seems likely to remain in place, though an announcement will be made as soon as possible in the event more time is needed for recovery.
“We’ve built a new domain controller and recovered Skyward, but we have a lot of work left to do. Everything will be brand new when we’re done. We have to make sure all the data is clean,” said Brooks. “We won’t be able to recover data from employees’ individual computers. We’ll have to go to every computer in the district and install new hard drives.”