Education Security Crime IT Your Rights Online

NJ School District Hit With Ransomware-For-Bitcoins Scheme

An anonymous reader sends news that unidentified hackers are demanding 500 bitcoins, currently worth about $128,000, from administrators of a New Jersey school district. Four elementary schools in Swedesboro-Woolwich School District, which enroll more than 1,700 students, are now locked out of certain tasks: "Without working computers, teachers cannot take attendance, access phone numbers or records, and students cannot purchase food in cafeterias. Also, [district superintendent Dr. Terry C. Van Zoeren] explained, parents cannot receive emails with students' grades and other information." According to this blog post from security company BatBlue, the district has been forced to postpone the Common Core-mandated PARCC state exams, too. Small comfort: "Fortunately the Superintendent told CBS 3’s Walt Hunter the hackers, using a program called Ransomware, did not access any personal information about students, families or teachers." Perhaps the administrators can take heart: Ransomware makers are, apparently, starting to focus more on product support; payment plans are probably on the way.

  • by FlyHelicopters ( 1540845 ) on Thursday March 26, 2015 @12:44PM (#49347215)

    ...they went after these criminals.

    If our government actually did something about stuff like this, I think people would believe in their government a bit more, but as it stands, it seems like the NSA and such only want to either spy on us or topple governments that don't toe the line for the US.

    I cannot imagine that finding these criminals is beyond the abilities of the US Government, it just seems like they don't even try.

    • Re: (Score:3, Insightful)

      by OrangeTide ( 124937 )

      And why would the NSA potentially reveal the techniques just to capture some crooks? That classified information is surely worth more than the $128K. If it were up to the NSA, they would just pay the ransom and focus on finding terrorists instead.

      • Why would the NSA have to reveal anything? I imagine they are "taken care of" in a way that means revealing nothing.

        We're already assassinating leaders of terrorist groups. I don't know why ransomware rings affecting government institutions would not qualify.

        • Why would the NSA have to reveal anything? I imagine they are "taken care of" in a way that means revealing nothing.

          So you have no philosophical objection to the NSA acting completely outside the law, as long as they're doing things you approve of?

          • So you have no philosophical objection to the NSA acting completely outside the law

            Everyone else is acting completely outside the law these days, and the law has been built up over time to give too many protections to guilty people, so I've pretty much stopped caring.

            My objections are on the level of "well, I wouldn't do it personally, but whatever".

            Especially for the guys that encrypt other people's data and ransom that. Who cares what happens to those jerks.

      • surely it is the FBI who would have jurisdiction in a case such as this.
    • by jeffmeden ( 135043 ) on Thursday March 26, 2015 @12:55PM (#49347377) Homepage Journal

      ...they went after these criminals.

      If our government actually did something about stuff like this, I think people would believe in their government a bit more, but as it stands, it seems like the NSA and such only want to either spy on us or topple governments that don't toe the line for the US.

      I cannot imagine that finding these criminals is beyond the abilities of the US Government, it just seems like they don't even try.

      The thing is, if they did, you would never know about it. It may seem like they don't even try, and they might not be, but they could also be defeating 95% of it. With a mission that is by design clandestine, no one may ever know until our kids get a peek at the public records dump 50 years from now.

      • Even if they're not proactively attacking these malicious internet actors, the least the NSA could do is offer to restore the data from the latest copy in their vaults. Part of computer security is backups, and if they're going to be snooping on your data anyway, they might as well bill it as an automatic backup service.

        But they can't even do that much.

    • The NSA is a spy agency. You want the FBI, who actually does go after these things.

      • Fair enough.... My next question is... if the FBI called the NSA and said, "we want to catch these guys, can you help?", would they?

        Should the CIA/NSA/FBI be different agencies, or should they be one with the single goal of protecting Americans against crimes committed while respecting the US Constitution in the process?

    • by whitroth ( 9367 )

      Sorry, not their job.

      HOWEVER, there's this other three-letter organization whose job it *is*, and who are likely to be all over this one: the FBI.

                  mark "let them do what they're *supposed* to be doing"

      • by sjames ( 1099 )

        Well, we know the NSA doesn't mind sharing info w/ the DEA.

        At least they could for once do something helpful. Unlike the DEA cases, there is a high probability that the bad guys are not U.S. citizens or operating within the U.S.

    • by GuB-42 ( 2483988 )

      - Finding these criminals may not help make the computers run again.
      - Finding these criminals may be beyond the abilities of the US Government. The NSA is not all powerful, the simple fact that Snowden's leaks exist proves it.
      - If the criminals are not in the US, this greatly limits the abilities of the US justice.
      - Solving the problem probably involves first paying the ransom.
      - If the NSA actually helps finding the criminals, I seriously doubt it will be public.

      • - Finding these criminals may not help make the computers run again.

        No, but it would prevent them from doing it again.

        - Finding these criminals may be beyond the abilities of the US Government. The NSA is not all powerful, the simple fact that Snowden's leaks exist proves it.

        True, but I'd be shocked if finding THESE SPECIFIC criminals was beyond the US Government.

        - If the criminals are not in the US, this greatly limits the abilities of the US justice.

        If they are US citizens, then they deserve their rights and day in court. If they are not and can be reached by US Justice, then follow that path. If they are beyond the US Justice system, then they are enemies of the state and attacking US citizens is an act of war and the military should deal with them.

        - Solving the problem probably involves first paying the ransom.

        I'd rather spend triple the money to NOT pay the ransom and refo

    • Forget the NSA, take that $128K, add some more and hire some really really good hackers.
    • So if they caught these asshats the total surveillance state they (the NSA) built is justifiable? The ends justify the means... I can't say I agree with you.

      • Perhaps "wouldn't mind" is the wrong word.

        Gunnery Sergeant Hartman: I'll bet you're the kind of guy that would fuck a person in the ass and not even have the goddam common courtesy to give him a reach-around.

        We get it, NSA. You're going to break into my computer, spy on everything I do, 24/7, keep me under your microscope. For "national security." Got it. But as long as you're fucking me in the ass...Jesus Christ could you nail the assholes who are holding schools for ransom? Do the whole "at least the trains run on time" thing?

        (I know Mussolini's trains didn't, but...try.)

      • by sjames ( 1099 )

        No, but the fact that they don't shows that they are fully committed to the idea that American Citizens are the enemy.

      • So if they caught these asshats the total surveillance state they (the NSA) built is justifiable? The ends justify the means... I can't say I agree with you.

        I didn't say it was justifiable, I said I wouldn't mind so much...

        While I still would be against it, at least there would be something positive about it. Not everything is black and white.

    • by rtb61 ( 674572 )

      The US does not back coups https://www.youtube.com/watch?... [youtube.com], bwa ha ha, except when they do https://www.youtube.com/watch?... [youtube.com].

      Now if it was done to an insider corporation or corporate executive, you can bet, they all would go all out to track the criminals down and have it solved in short order.

    • by Cito ( 1725214 )

      I can tell you exactly how to solve this problem.

      First send me 500 bitcoins, then I'll tell you. :-P

  • used to get fake threats during exams. this ain't a fake.
  • by xxxJonBoyxxx ( 565205 ) on Thursday March 26, 2015 @12:46PM (#49347245)

    >> the Superintendent (said) the hackers did not access any personal information about students, families or teachers

    He knows this because the hackers told him?

  • by OrangeTide ( 124937 ) on Thursday March 26, 2015 @12:47PM (#49347251) Homepage Journal

    Maybe 200-500 computers. Is the ransom higher than what it would cost to replace everything? (maybe not enough to replace them with Macs, but Linux and Chromebooks are possible). How many computers does a district with 1700 students really need to get the basics done?

    Just seems like a steep ransom to me. Especially since if I replaced all the computers, the old equipment is worth something and I could probably auction it off.

    The data is gone if you don't pay the ransom (or crack the encryption). Sadly I don't have a way to resolve that problem, other than to start over again and hopefully anything important has backups. (ideally in a form that doesn't spread infection)

    • by Anonymous Coward

      With every passing day and every new incident, it becomes clearer and clearer that we really have only one option when it comes to operating system software: OpenBSD.

      OpenBSD has proven itself, over many years, to be extraordinarily secure and robust. The OpenBSD developers don't treat security as an afterthought; it's their primary concern. That's why it's such a solid OS, and about as secure as one could ever hope to get.

      While it isn't always possible to retroactively fix mistakes, like using non-OpenBSD o

      • Re: (Score:2, Funny)

        by Anonymous Coward

        OpenBSD is a great option for a school, because the safest computer is one where there is no software for it at all.

        But having no computers is still cheaper and more secure.

      • TIL OpenBSD has built in anti-trojan tools, and the ability to secure browsers from their own memory corruption holes! WOW!

    • They are ransoming the data, not the computer. The computers can simply be reinstalled by an hourly contractor to get rid of the ransomware. The data on the other hand, cannot be recovered.

      • So their only copy of the student roster is gone? they can't even take attendance? they don't have back-ups?

        Surely this is a problem that can be solved with money, and significantly less than $128K. (the point of my original post, I wasn't suggesting we actually replace all the computers, just that the ransom seemed a bit high)

    • Why would they replace the computers? You just restore from backup, or worst-case reinstall the OS from scratch, block Flash so they don't get reinfected, and you're done.
    • You obviously have never worked for a school district. $128K is enough to buy like 50 refurbished windows XP computers, with 20 year warranties.
      • Actually I have been an IT contractor for a school district, that was my third job. But back then $128K could buy a lot of ARCnet adapters and NetWare licenses.

    • The computers are just fine, format and reinstall. The data (files, database, pdf, doc) are locked and encrypted. That's what's worth something to pay for... or not.
    • by guruevi ( 827432 )

      Why do you need to replace the computers? Wipe them and reinstall them. They do have backups of their important data on non-Windows-systems don't they?

      Reason #2 why you don't have your backup systems connected into Craptive Directory (#1 being that if your directory needs to be restored, you should be able to login to your backup system).

  • why didn't they just install some mining software? Sure, it's going to take a while to mine 500 bitcoins, but nobody would have ever known they were there. Instead they take the showboating route. it's like they need to know people know about them to stroke their egos. I bet they deliver some bloated soliloquy at a key moment and ruin their entire plan.
    • by itzly ( 3699663 )

      It would take forever to mine 500 bitcoins on regular PCs.

    • I bet they deliver some bloated soliloquy at a key moment and ruin their entire plan

      Not if they're being led by Veidt. Then you get the bloated soliloquy 30 minutes after the plan was executed.

  • No backup system to restore from? Systems linked that should not be linked together? As for classroom computers, fuck it, reimage those suckers. This should not be happening and in the IT dept. heads need to roll. I'm head of IT for a school board and I'm telling you that this should not have happened or at the very least the affected number of computers should be much lower.
    • Re: (Score:2, Informative)

      In case you're not familiar, let me give you the breakdown. The worst educated, fat, smoking, abrasive personality, asshole nurses work at kidney dialysis places. That's simply where the worst possible employees end up from that career field. The worst IT workers end up at schools. It's low pay and higher demand than corporate environments, the budget is a joke, and they're perpetually understaffed. So you get some clueless moron who can't hold down a real job working as the IT administrator at any give
      • People are going to disagree with you, but this is true. Universities employ some good people, but K-12 education is the absolute bottom of the barrel for IT staff. The schools that buck this trend are few and very far between.
    • That was my thinking. We routinely back up the important stuff in my district. This would have been a headache, but the data would have been reasonably safe.
  • This is a great time to consider swapping out Windows-centric systems and making the break for the cloud and open source toolsets. There, I said it. The only thing lacking in this niche is inertia, but.. soon the schools will figure out that the students are intelligent and can be involved in the configuration/maintenance. Ok. well..maybe not K-12, but quite possibly grades 9-12. What's local doesn't matter - this changes so much. Put data in a school cloud, and the schools will become just another place
    • And it's even a better time to learn about backups, redundant systems and testing. No matter what your system is computer, papyrus, chiseled rock, something is going to come along and screw it up. If you need the data to keep doing your job, you need some sort of backup system.

      And especially if it is a computer system connected to the Internet.

      You can lose your lunch money on an open source system just as well as a proprietary one.

      Murphy cares not for your screed.

  • I can't understand in a case like this why they can't restore the system from some earlier backup (well, I can, but it seems absurd they are not able to).

    If nothing else just wipe the system and re-install software. It seems like they could recover email addresses from servers the emails went through before... perhaps they would be without some records but you can't go on like this. Even if you pay the demands and unlock everything you'd have to reinstall everything from scratch anyway.

  • It sounds like this is something that would be noticed shortly after they were locked out. If so, then why not just recover from nightly backups to the point prior to being locked out. You shouldn't lose much data, if any, assuming that it was caught right after being locked out.

    Of course, this all falls down if they weren't doing proper backups.

    • If you talk to a school administrator and ask them to recover from the nightly backups, you are likely to get a blank stare back.
      School districts and schools couldn't be worse set up to deal with complex system recovery.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      What if they pulled their good backup tapes off the shelf, plugged them into one of their infected, online desktops, and the tapes got re-encrypted? Repeat as necessary until there are no more tapes. Then ask another IT admin for help, and learn about write-protect tabs too late for this time.

      [ I wish I could say I hadn't seen this before ]

  • It's funny that schools got along without computers for thousands of years, now all of a sudden they're required. Well how about going the non electronic route until the problem is solved...... not that hard to figure out.
    • It's funny that schools got along without computers for thousands of years, now all of a sudden they're required. Well how about going the non electronic route until the problem is solved...... not that hard to figure out.

      They can and will. The issue is not the current ability to keep track of things but having to update the electronic records once the system is back. The electronic record is used to compile transcripts, verify required attendance, select valedictorians, etc. Depending on how long it takes to restore from a backup it will take a while to catch up. Now, if the system lost the master records then they have a much bigger problem but even then a proper backup scheme would minimize the impact of such a loss.

      • The master records should never reside at the school or even the school board in the first place, thanks to nightly back ups and redundant copies of critical data, they have nothing to worry about. As for catching up once the system is unlocked, that is just simply a case of data entry, which is time consuming but can get done if you just do it, so again, no real issue. The software should be flexible enough to not care when the data gets entered so that shouldn't be an issue and if it is, time to look fo
  • by slashmydots ( 2189826 ) on Thursday March 26, 2015 @12:58PM (#49347425)
    The US government needs to immediately make it illegal to pay these types of ransoms. You have no idea what group is collecting the money or what they're going to do with it so just simply make it illegal. That will stop most of these ransoms from happening.
    • Indeed, once something is made illegal, no one ever does it again!
      • Indeed, once something is made illegal, no one ever does it again!

        ...while the media is focused on them

      • by sjames ( 1099 )

        The hope is that the schools, law abiding individuals and corporations will obey the law and not pay (admittedly, the corporations might be problematic, not a lot of respect for law there).

        The idea is that if the targets won't pay because they aren't willing to break the law, then the crooks end up with an all risk but no reward scenario and move on to something else.

    • They really do, though. It's only a matter of time before governments start paying out these ransoms using taxpayer funds to cover up the cost of IT staff incompetence. If it were illegal to pay them out then we'd see more idiots get fired and more competent people hired to clean up the mess instead of paying ransom money to shady criminals.
  • None of what they are unable to do now even requires computers. Just get out your fucking pencils and carry on.

  • by Anonymous Coward

    My wife's district uses Microsoft Dynamics, and the piece of garbage, that has never printed a correct pay check, lost its activation so the district could no longer print pay checks, accept payments for lunch, pay bills, etc.. They couldn't even look-up contact info for vendors to call them to give them a heads-up about the late payments. Microsoft really fucks over people with their activation garbage. This isn't like the rest of us that have to suffer with the Office garbage losing its activation so w

    • by Anonymous Coward

      This! My taxes are due in less than a month, but I haven't received a 1099 yet. I work for a Microsoft-related company so they were forced to use Dynamics. The company switched to a volume license and the Microsoft Certified Partner now can't get Dynamics to start. Even stranger is that with the Dynamics crap, you don't activate the software. You activate the database. That means if you have several companies sharing the same database, a single activation problem will cause Microsoft to not allow any

    • by Anonymous Coward

      MBAs worry so much about risk, but then they bet the entire business on Microsoft's activation system not losing its activation. How stupid do you have to be to intentionally have your business depend on something that could at any minute decide to stop running? It's bad enough having Microsoft lock-out individual computers and applications due to their activation bugs, but your accounting system? And, I know from experience with a previous employer that Dynamics activates the central database instead of

    • by Anonymous Coward
      That pretty much sums it up. Ransomware from M$, or from a virus, same thing. Smart people ditch it and get Linux.
  • Make the attackers go through the school district's purchase order approval process to get their money. The computers will be restored in a few months with no payout.

  • This suspiciously sounds like CryptoWall. I'd be willing to bet that an admin or other highly privileged user got infected and had the keys to the kingdom sitting on a mounted network drive.

  • I think they'd come out ahead if they nixed the testing, and used the savings to pay the ransom -- and in the intervening period actually teach the kids. As in teach, not teach to the test.

  • Oh look, Cryptowall/Cryptolocker hits a school/business/home/whatever.

    Shoulda had AV installed. Shoulda had backups.

  • This has been happening since at least a year ago. There's nothing at all about this story that raises it to the level of "news"

  • Why didn't they simply restore backup images? If they are too lazy to have set up a server that automatically backs up images incrementally they need to fire the entire administrative staff and bring on thinking people that can properly prepare for disaster recovery.
    • Well, you don't really know when the ransomware was installed. You could have a perfectly sane backup policy, and still be left with no backup that doesn't contain the ransomware, if the criminals are patient enough for all of your backups to age out.

      At the same time, they can only go back so far, because student records stored in increasingly old backups will be increasingly stale.

  • ... Matthew Broderick could still find a way to log in to the system.

  • Offline backups and live images.
    infected? shut down the network, reboot the image on the system. Restore lost data from offline backups.
    Find the hole (likely some dumbass that has already been told 37,000,000 times to quit opening strange attachments- fire them with extreme prejudice), fix it, and put it all back online.

    No ransom paid, minimal if any loss, and this trend dies off like it should have the day it was born.

  • by Okian Warrior ( 537106 ) on Thursday March 26, 2015 @01:48PM (#49347971) Homepage Journal

    "Without working computers, teachers cannot take attendance, access phone numbers or records, and students cannot purchase food in cafeterias.

    One can only wonder how difficult it was to teach high school before computers.

    How did our ancestors manage?

  • What if we get ransomware combined with the firmware level exploits as seen in the "Equation Group" hacks.

    Shudder.

  • by viperidaenz ( 2515578 ) on Thursday March 26, 2015 @03:09PM (#49348849)

    Bitcoins are traceable. Spend another 10k and hire a meth addict hitman.

  • by imidan ( 559239 ) on Thursday March 26, 2015 @07:13PM (#49350769)

    FTFS:

    the district has been forced to postpone the Common Core-mandated PARCC state exams

    But the Common Core DOES NOT mandate any particular exam or evaluation instrument of any kind. PARCC is, according to Wikipedia, "a coalition of 12 states and the District of Columbia that are working to create and deploy a standard set of K-12 assessments in math and English." PARCC is basing their assessments upon the Common Core standards, but it is PARCC that mandates the exams, not Common Core.

    Common Core is, literally, just a list of skills that students should have at various grade levels. For example, sixth grade math students are supposed to be able to "Write, read, and evaluate expressions in which letters stand for numbers." That simple statement, and many like it, make up the Common Core. It has nothing to do with mandating exams.

    The Common Core standards are freely available on the web, in case you would like to look at them: http://www.corestandards.org/r... [corestandards.org]
