Athens ISD will pay $50,000 to get school district computer data returned after a criminal ransomware attack. Because of the attack, the first day of school will be delayed by a week.
The attack encrypted all of the data on school district servers, including multiple data backups and a few hundred district computers, blocking all access to data such as teacher communications, student schedules, grades and assignments, according to a statement from Athens ISD.
During an emergency board of trustees meeting Wednesday, the board voted to pay the ransom amount of $50,000 in cryptocurrency.
The district has insurance coverage for cyberattacks, and a claim is being processed.
“We can’t afford to not pay it,” board President Alicea Elliott said. “It would take us months to rebuild all that data so that we could start school.”
In response to Facebook comments questioning the payment of ransom, Athens ISD wrote it is a risk to pay the attackers, but the district is told attacks don’t often happen again.
“The alternative, not to pay and definitely not recover data, is the greater evil in this case,” the district responded to commenters. “No denying this is distasteful. We have opted to follow the advice from the Center for Internet Security team who has vast experience with these situations, as well as the team from Region 10 Education Service Center. They all advise the same. In this case, the alternative — permanent loss of many years’ worth of records and delaying the start of school for many weeks, if not months — is simply the greater evil, not to mention the worst option for our students.”
According to the FBI, ransomware is defined as malware that encrypts files on a computer or server to make the technology unusable. Cybercriminals then will demand ransom to decrypt the victim’s data. The FBI does not recommend paying a ransom in the event of a cyberattack.
“Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals,” the FBI’s website states. “However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees and customers.”
School now will begin Aug. 10 instead of Monday. Superintendent Janie Sims said parents will be notified by Thursday if the one-week delay has to be extended by an additional week.
“The first thing we want to do is ensure our staff and student families that, to the best of our knowledge, no personal data has been compromised,” Sims said. “Whoever is behind this attack has not taken the information; they have encrypted it so that we have no access unless we meet their ransom demand.”
Sims said the ESC and the nonprofit Center for Internet Security indicated the district’s information technology department probably could not have stopped the attack.
“This has happened to at least six or seven other districts in East Texas,” Sims told the board. “We prepared as much as we could. There’s no way to be 100% safe.”