Ransomware Attacks Prominent Texas School District

RYUK Ransomware targets district just prior to its busiest time of the year

For teachers, coaches and administrators, there’s a flurry of activity and a frenetic pace that precedes the start of each school year, especially when you’re closing out a busy summer session. There are hundreds of things to think about, but there’s one issue most employees, save a few people in the IT department, rarely think about―ransomware.

For one of the state’s largest school districts, with over 30 schools covering a dozen cities, wrapping up the summer term and preparing for the upcoming school year ground to a halt once word spread that they were the latest victim of the devastating RYUK ransomware. According to the FBI, RYUK has affected hundreds of organizations in the past year. The perpetrators behind it prefer attacking cities, school districts, and hospitals because they view them as being especially vulnerable to cyber-attacks. For this school district, the ransom totaled well into the hundreds of thousands of dollars, all to be paid in Bitcoin.

How vendor relationships become long-term, trusted partnerships

The event occurred late Thursday night during a week when all staff, save a few who oversee critical functions, were off work. Due to the reduced staff, issues related to network functionality and email weren’t recognized and reported for over 24 hours. To make matters worse, the original IT consulting company they had brought in couldn’t address any of these issues.

It was late Friday night when school officials reached out to Netsync, with whom they had prior, but limited, experience. They would soon experience exactly why Netsync is widely recognized as the go-to company for hundreds of school districts to remedy IT-related emergencies. They needed more than technological expertise; they needed a company that exemplifies and instills a bend-over-backwards attitude in every customer deployment to ensure they not only experience the best that technology has to offer, but do it with network security top-of-mind. They needed a technology partner that could act fast, work around the clock to address and remediate their issues, and design and deploy a security solution that would prevent future events from bringing their operations to a halt. In short, they needed Netsync.

Protecting against future threats, addressing existing ones

When Netsync arrived that Saturday, the previously unnoticed attack had had a protracted amount of time to encrypt the district’s servers (within 36 hours, all had fallen victim to RYUK). It was time for Netsync’s professionals to get to work, which they did for the next 72 hours straight.

After promptly evaluating the situation, Netsync installed and configured Cisco Umbrella, a cloud-native platform that delivers a secure, reliable and fast Internet experience and protects devices from command-and-control attacks. In addition, Netsync deployed Cisco NGFW (Next-Gen Firewall) by the next morning, then worked to get Cisco AMP (Advanced Malware Protection) deployed on over 8,000 endpoints. Cisco AMP is an intelligence-powered, integrated, enterprise-class advanced malware analysis and protection solution. Thankfully, the district had offsite backups, so Netsync completed the server restoration in a timely manner. As a result, there were no disruptions to schools’ operations.

In addition to deploying Cisco NGFW and AMP to thousands of endpoints, Netsync deployed and tested additional security services, including CES (Cloud Email Security), which defends against phishing, business email compromise, and ransomware, and Cisco Stealthwatch, a robust security analytics tool utilizing industry-leading machine learning and business modeling. The school district was the latest beneficiary of Netsync’s longtime partnership with Cisco.

The comprehensive solution provides, among other things, breach prevention, rapid response, remediation, and analytics, delivering advanced detection while maintaining visibility throughout the entire network.

Now the solution, and Netsync, are providing peace of mind to the school district.