Cloquet schools suffer 'ransomware' attack
The Cloquet school district was the victim of a malicious computer software attack last week that resulted in the equivalent of a lock on much of its information, and a $6,000 ransom demand to have it released.
School was canceled Thursday so technology employees could work on the problem. The district, which relies heavily on technology in its curriculum, had to erase the contents of its computers and reinstall necessary programs. It did not pay the ransom, said superintendent Ken Scarbrough, and sensitive student and staff data was not breached. That information is stored externally.
"It's very frustrating," Scarbrough said, noting he appreciated that the neighboring districts of Esko, Carlton, Moose Lake and Barnum offered the help of their technology employees.
The malware corrupted and encrypted most of the district's servers.
"We're not 100 percent sure what triggered the attack," said Cloquet technology coordinator Yvette Maijala.
But from what she's learned of such malware, it's likely someone opened an attachment that led to the spread of the virus, she said.
Information on how the system could be restored by paying $6,000 in bitcoin, a digital currency, was included in the attack. Such transactions are generally untraceable.
The Cloquet Police Department was notified and it contacted the local FBI office, which brought in its cyber crimes division, said Cloquet commander Derek Randall.
He said the district may not have been a specific target. The attack could have been a "numbers game" he said, with the hacker putting out the virus to many places hoping it would spread.
Media companies, hospitals and businesses have been recent targets nationally.
"Some will reimage computers like Cloquet did, and some will pay," depending on the sensitivity of the data, said Danika Brinda, an assistant professor in the health information management department of the College of St. Scholastica, who specializes in privacy and security.
Brinda mentioned the recent malware ransom attack of the Hollywood Presbyterian Medical Center in California, which paid $17,000 in bitcoin to regain control of its electronic health records.
"A lot of people went back and forth on that," Brinda said. "You don't want a data breach, but you don't want to encourage hackers to do this and get money for it."
It's becoming a popular way to hack into systems, she said, and is different from what people normally think about when they think of hackers.
"We used to think about gaining access to control data," she said. "This is looking to lock away data ... they get the funding without doing anything with the data."
In Cloquet, email and SmartBoards were affected, along with phones, school bell and food service systems. The middle school has a one-to-one device program for students that was affected.
"It's pretty debilitating," Maijala said. "I think our superintendent did the right thing in giving us time to focus on trying to get our systems to the point where we are safe and can continue to function. It's a very lengthy process."
Brinda said other school districts have been targeted.
"It's just another avenue," she said. "No industry is safe."
She suggested ensuring that computer operating systems are up to date with security patches, a current version of an antivirus software is in use and a "robust" firewall is in place.
"The biggest thing, from a personal and employee standpoint," she said, is be cautious about what you are clicking on and opening.
If something is suspicious, even from a sender you know, delete it and notify technology support, she said.
Cloquet schools were expected to be back in session Friday.