Texas school district paid $547K ransomware demand
A school district near San Antonio acknowledged this week that it recently paid ransomware actors nearly $550,000 to regain access to its systems and stop the publication of student and staff data after it was attacked earlier this summer.
The Judson Independent School District, located in Bexar County, Texas, acknowledged the payment in a statement on its website, stating that officials resigned to coughing up $547,045.61.
“While these are funds that we would have rather spent on the needs of our employees, students and their families, there was no other choice for the district to ensure your safety – our number one priority,” reads the statement published Wednesday.
Judson, which educates about 24,000 students and employs nearly 3,200 people, first reported June 18 that its networks had been compromised by an apparent ransomware attack, which was confirmed about a week later. While school officials were quick to call state and federal officials and outside vendors, and to notify staff and families of students, the attack knocked out much of the district’s tech assets, including phone systems, email accounts and Wi-Fi networks.
Those systems remained down for nearly a month, prompting Judson ISD to set up offsite phone lines to give people information about services like summer class schedules and transportation options for students. The district also set up temporary mobile Wi-Fi hotspots.
The disrupted communications systems were finally restored July 20, a delay that officials attributed to “the acceleration of key upgrades to reinforce the security of our systems in preparation for the 2021-22 School Year.” But about that same time, Judson ISD Superintendent Jeanette Ball told a San Antonio publication that the district had made a payment after hiring BlueVoyant, a cybersecurity company that specializes in negotiating with ransomware actors.
A document obtained by KSAT, an ABC affiliate in San Antonio, shows that the $547,045 payment was initiated June 29 and received July 12. The hackers responsible for the incident have not been identified, but on July 29, that sum would’ve purchased about 15.75 bitcoins — ransomware actors’ preferred currency.
“We understand there are still many questions about this disruption that need to be answered, and we are working around the clock to be able to provide you with information about what occurred, how we addressed the situation and will work to protect individuals whose data was affected, and what steps you should consider to further ensure your personal information remains safe, private and secure,” the school district’s Wednesday statement read.
Nationally, K-12 school districts have been advised to brace for an increase in cyberattacks in the upcoming school year, with the nonprofit Center for Internet Security warning Thursday that it expects incidents to rise by 86%, coming off a 2020-21 academic calendar in which cybercriminals frequently attempted to exploit vulnerabilities created by widespread remote learning — often reaping bounties from districts that were compelled to pay up.
Josh Moulin, a CIS senior vice president, told EdScoop that like other organizations with an internet footprint, school districts need to prepare for cyber disruptions “just like earthquakes and pandemics” by practicing better cyber hygiene and developing incident-response plans.
“This is one of those situations where cyber cannot be viewed simply as an IT problem,” he said.