Ransomware Threat Continues to Grow as Lawmakers Take Interest
In February, teachers at the 53 schools in Horry County, S.C., arrived at work to find they could not access the data on their computers.
The first teacher to contact the IT department complained that she could not open her documents and presentations, and they had filenames ending with a .encryptedRSA extension. As other teachers called, the school district's IT workers quickly realized that they had been hit by ransomware, and they took drastic steps, Charles C. Hucks Jr., executive director of technology for Horry County Schools, told members of the Senate Judiciary Committee Subcommittee on Crime and Terrorism on May 18.
"After the third school called with reports of encrypted files, the decision was made to shut down all district servers—well over 600—in an attempt to stop the encryption from continuing," he said. "It was big, and it was virtually everywhere."
Calling the incident "one of the most disruptive events in our history," Hucks told lawmakers that while it's easy for security experts to tell businesses to have good backups and never pay a ransom, the reality is that recovery is so difficult that paying criminals a fee is cheap by comparison.
In a Senate hearing, the chief of technology of a school district that suffered a ransomware attack tells legislators that the incident was "one of the most disruptive events in our history."
"Even when backups exist, a restoration effort of this size to remote servers can take weeks and weeks, and each day [that] students and teachers do not have access to data that has been encrypted has a dollar value which rapidly exceeds the cost of … paying the ransom," he said in prepared comments.