Ransomware extends Christmas holidays at Michigan schools

Thousands of ransomware attacks were reported in the US throughout 2019, although this year it has started in a similar way. An information security firm reported an incident in a Michigan school district, which was attacked with a ransomware variant; in exchange for regaining access to the compromised systems, hackers demand a ransom of $10k USD in Bitcoin.

Representatives from the affected school district mention that the Richmond Community Schools servers were infected with encryption malware during last Christmas vacations, affecting multiple technological implementations.

Due to the impacts and as an information security measure all activities in three schools were suspended indefinitely, as the systems affected in these facilities are considered critical; on the other hand, local authorities say that the personal information of academic & administrative personnel and students is completely secured.

Brian Walmsley, superintendent of Richmond Community Schools, says authorities have decided not to pay the ransom to hackers: “No one guarantees that we will regain access to our servers in case we pay the ransom. We will retrieve the information on our own.”

Walmsley added that, as part of the information security incident management process, the district is migrating its critical information to backup servers, and that activities will return to normal shortly: “If everything goes as it does operations will have to resume next Monday,” he concluded.

Ransomware attacks remain one of the main information security threats for companies in the US and the rest of the world. Schools, hospitals, private companies and public organizations around the world report encryption malware infections in a daily basis. During December 2019 alone, three high-profile incidents were reported affecting organizations in multiple locations in the US, including Pensacola, New Orleans, among others.

According to a report by information security firm Emsisoft, during 2019 about 113 government agencies (state and federal), 760 medical service providers and 89 universities suffered ransomware infections in the U.S.

This is not the worst, as specialists from the International Institute of Cyber Security (IICS) say it could be a matter of time before a new wave of cyberattacks begins, which could have disastrous consequences for companies affected, especially in the case of health services, where even human life is compromised.