ATHENS, Texas (KETK) – Athens ISD announced Friday afternoon that they were able to retrieve information from a backup server and a ransom that was demanded from a cyber-criminal would not be paid.
On Wednesday, it was announced that the district had fallen victim to a ransomware attack which encrypted many years of vital data stored on servers. The attack meant that the files could not be accessed.
The school board held an emergency meeting and approved to pay the ransom to the attacker, which was negotiated down to $25,000 after originally being $50,000.
The district said that its technology department worked nonstop with regional and federal experts to execute protocals in the hopes that a backup server might hold uninfected data. Thursday night, they located an uninfected Skyward backup only a few days old.
“It felt incredible. The Skyward database is the most important one we have. We’ve built a new domain controller and recovered Skyward, but we have a lot of work left to do. Everything will be brand new when we’re done. We have to make sure all the data is clean.”Tony Brook, AISD Technology Director
Engineers from the cybersecurity firm Fortinet have confirmed that there is no evidence any data was physically removed and no personal information was taken. Fortinet also said that the virus, which was named COVID4YOU, originated from overseas and appeared to be a new one.
According to the cybersecurity research firm Emsisoft, the U.S. was hit by an unprecedented barrage of ransomware attacks in 2019 that impacted at least 966 government agencies, educational institutions and healthcare providers.
Athens ISD Superintendent Dr. Janie Sims extended thanks to Brooks, Fortinet, and the Center for Internet Security.
“Mr. Brooks deserves a massive amount of credit for his efforts and professionalism. He worked tirelessly. And we’re also grateful for the ongoing assistance from the Region 10 Educational Service Center, Fortinet, and the Center for Internet Security.”Dr. Janie Sims
Skyward went online Friday afternoon, which made it possible for student registration to continue in preparation for a virtual return to school. School is still set to return on August 10, but the district will notify parents if this changes.