Athens ISD pays ransom for release of school data

East Texas News at 6.
Updated: Jul. 29, 2020 at 2:20 PM CDT
Email This Link
Share on Pinterest
Share on LinkedIn

From Athens ISD

ATHENS, TEXAS - As if the COVID-19 virus weren’t enough of a challenge, another type of virus has wreaked havoc for Athens ISD — this time in the form of a criminal ransomware attack. The ransomware encrypted all of the data stored on school district servers, including multiple data bakckups and a few hundred district computers. As a result, access to all data has been blocked, including teacher communications, student schedules, grades and assignments.

The attack comes at a critical time, just days before the scheduled Aug. 3 start of the school year. As a result, the first day of school must be delayed by at least a week to Aug. 10. AISD Superintendent Dr. Janie Sims said she will notify parents no later than next Thursday, Aug. 6, if the one-week delay will have to be pushed out another week.

“The first thing we want to do is ensure our staff and student families that, to the best of our knowledge, no personal data has been compromised,” said Sims. “Whoever is behind this attack has not taken the information; they have encrypted it so that we have no access unless we meet their ransom demand.”

In an emergency meeting at noon today, the board of trustees voted to pay the ransom amount of $50,000, which will be paid using a cryptocurrency, such as bitcoin. AISD does have cyberattack included in its insurance coverage, and a claim is being processed.

“We can’t afford to not pay it,” said AISD Board President Alicea Elliott. “It would take us months to rebuild all that data so that we could start school.”

“I want our families to know we will keep them informed,” said Sims. “This is a rapidly evolving and complex situation, and we are still working out the level to which we’ve been impacted and how best to respond.”

Members of the Athens ISD Technology department are working closely with teams from the Region 10 Educational Service Center and a division of the Center for Internet Security to resolve the situation.

“They have indicated [our IT department] could not have done more to mitigate this happening,” Sims told the board, noting later: “This has happened to at least 6 or 7 other districts in East Texas. We prepared as much as we could. There’s no way to be 100 percent safe.”

According to the cybersecurity research firm Emsisoft, the U.S. was hit by an unprecedented barrage of ransomware attacks that impacted at least 966 government agencies, educational institutions and healthcare providers.