Hackers take Alpena school data hostage; FBI advises 'don't pay ransom'

Travis Conner, Alpena School District Technology Coordinator works to restore the school's servers after ransomware attack. (KY3)
Published: Dec. 15, 2016 at 10:30 PM CST

Travis Conner is rebooting servers and destroying any trace of ransomware which took data hostage from Alpena Public Schools.

Conner has been holed up in a small server closet for two days.

Two weeks ago, someone in the district opened an e-mail with a zip-file attachment which was disguised to look legitimate.

The ransomware infected the computer, encrypting and hiding all files except a single "Read Me" file, a ransom note. Before the user realized what was going on, the file was copied to a shared folder where it infected 2 servers and spread across the district.

"When I first found it on this machine the first thing I did was disconnect it from the network," says Conner.

The hackers who send out the ransomware want organizations to pay a ransom in exchange for a decryption key which in theory would help you recover the lost data.

The Little Rock field office of the FBI issued an alert on Thursday advising organizations NOT to pay ransom for data, because paying encourages criminals and they still may not give your files back.

"In my opinion, there's not any file that we've created internally that's so important that we should have to pay somebody who's holding our files hostage," says Alpena School Superintendent Dr. Andrea Martin.

The district is not gonna pay up. Instead, they're cutting losses and wiping clean all the compromised hard drives. Fortunately, the data they're losing is non-essential, and is not related to student records.

"It's frustrating, and you feel somewhat like your hands are tied," says Martin.

However, the clean-up process means teachers are without e-mail or online grading systems during the last week before winter break.

"It hasn't really affected the daily operations of our district although it has been an inconvenience," says Martin.

Conner says the main lesson is to be wary of unfamiliar attachments: "You don't know where that file come from, don't open it."

Conner says the strain of ransomware which attacked the school district is different than the strain which attacked the Carroll County Sheriff's Office recently.