The attack encrypted all of the data on school district servers, including multiple data backups and a few hundred district computers, which caused all access to data like teacher communications, student schedules, grades and assignments to be blocked, according to a statement from Athens ISD.
During an emergency Athens ISD board of trustees meeting Wednesday, the board voted to pay the ransom amount of $50,000 in cryptocurrency. Athens ISD does have insurance coverage for cyberattacks and a claim is being processed.
"We can't afford to not pay it," AISD Board President Alicea Elliott said. "It would take us months to rebuild all that data so that we could start school."
In response to Facebook comments questioning the payment of ransom, Athens ISD wrote it's a risk to pay the attackers, but they are told attacks don't often happen again.
"The alternative, not to pay and definitely not recover data, is the greater evil in this case," the district responded to commenters. "No denying this is distasteful. We have opted to follow the advice from the Center for Internet Security team who has vast experience with these situations, as well as the team from Region 10 Education Service Center. They all advise the same. In this case, the alternative -- permanent loss of many years' worth of records and delaying the start of school for many weeks, if not months, is simply the greater evil, not to mention the worst option for our students."
According to the FBI, ransomware is defined as malware that encrypts files on a computer or server to make the technology unusable. Cybercriminals will then demand ransom to decrypt the victim's data. The FBI does not recommend paying a ransom in the event of a cyberattack.
"Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals," the FBI's website states. "However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers."
Because of the attack, school will now begin Aug. 10 instead of Aug. 3. Superintendent Dr. Janie Sims said parents will be notified by Aug. 6, if the one-week delay will have to continue by an additional week.
"The first thing we want to do is ensure our staff and student families that, to the best of our knowledge, no personal data has been compromised," Sims said. "Whoever is behind this attack has not taken the information; they have encrypted it so that we have no access unless we meet their ransom demand."
The Athens ISD technology department is working with teams from the Region 10 Educational Service Center and a division of the Center for Internet Security to resolve the situation.
"They have indicated [our IT department] could not have done more to mitigate this happening," Sims told the board. "This has happened to at least 6 or 7 other districts in East Texas. We prepared as much as we could. There's no way to be 100 percent safe."
©2020 Tyler Morning Telegraph, Distributed by Tribune Content Agency, LLC.
