As per principal Rachel Williams, the staffs of Hawera High School in South Taranaki found a message asking for ransom for returning encrypted data that is on the server when they switch on their computers.
Williams further added that the encrypted data contained teaching resources and students’ work, and the anonymous computer hacker asked for US$ 5000 in the form of bitcoin from the school so as to return the course work. However, the police has adviced the school not to pay ransom to the hackers.
The school’s website, records of staffs and students, and email correspondences remain unaffected despite of the hack. The school has been undergoing an audit with insurers and NZQA (New Zealand Qualifications Authority) to find exactly the data that has been lost. However, in order to avoid further attacks, the school has temporarily taken down its entire network offline. The connections that are currently being used in the school to run internet is through the datacard or a mobile hotspot. The provincial high school has already sent notifications on high priority to staffs and parents regarding the hack.
Phil Nixon, Chairperson of Board of Trustees, said that “the local firms have been very good to step up because we do have to scan every piece of equipment that connects to the network to make sure there is no virus in that equipment.” For instance, 4U Computer Solutions, a local computer repair service, has offered its services to scan all computers, USB devices and laptops belonging to the staffs and students free of cost for checking the viruses.
The network provider of school, Ministry of Education, and the forensics experts from police are together working to find out the intrusion source. Information from Ministry of Education and police suggest that some intrusions were carried out in dormant phase, and only now have become active.
As per a statement of Damian Rapira-Davies, Cybercrime Unit of Police – Detective Sergeant, “a known variant of ransomware malware had been identified as causing the issue, and inquiries were continuing into the case”.
Williams said that they are working with the police for assessing the damage and also risk associated with their network, before they go online again. However, she added that the exact timeline cannot be provided right now.