Payroll was the biggest concern, but that was quickly resolved and school employees will be paid on time.
The concern came from a ransomware attack on the Smyth County school system's computer network, discovered Monday morning. The FBI is investigating the incident, as the source of the attack has been traced outside the country.
The school website is down and many schools are without internet connections, but efforts are ongoing to retrieve information from backups because the county will not pay the ransom.
Terry Hawthorne, director of technology for Smyth County Schools, is working with technicians, teachers and office staff to replace the system. He expects all schools to be back online by the end of the week.
“It will be a lot of work, but we will do it,” Hawthorne said. “We won’t pay the ransom because it just encourages criminal behavior. I would advise anyone. Don’t pay it.”
Hawthorne said it is critical to have a backup of your system and to keep it disconnected except while a backup is being made.
The Smyth school system was in the process of moving the web server into the cloud for better protection, and is working with the company handling this to accelerate the transition, Hawthorne said. For several years the schools have operated on a cloud-based payroll and accounts payable system, so it was easier to retrieve the information for the bank.
“We were able to process payroll as normal using Chrome boxes instead of Windows,” Hawthorne said. The Windows program is being replaced with Chrome boxes, which are a safer system, he said. He created a Linux server to provide IP addresses so the central office could get back online Monday afternoon and make payroll.
“Thank the Lord for Linux, Chrome devices, and backup!” Hawthorne said.
The attack, said Hawthorne, was like someone coming to your house while you are out and changing all the locks, then demanding payment for a key that would unlock the doors. You could pay the ransom, he said, but that key may or may not work and the hacker may just take the money and run without providing a way to “unlock” the doors.
Superintendent Dennis Carter said the school system was unable to contact parents electronically, so he wrote a message and copies were provided to every student on Wednesday.
Carter said, “As you may have heard, many localities and school districts across the United States have recently been targeted by cyber criminals. Unfortunately, we have now become a victim as well.”
Hawthorne said those investigating the ransomware – which is a violation of state and federal law – are pretty sure they know who attacked the system. He wouldn’t identify the source as it is part of the FBI investigation, but the portal through which they entered has been closed.
“Ransomware,” said Carter, “is malware that infects a computer or server and encrypts the documents and other files on the computer or server. The documents are still on the computer, but the victim cannot open them without paying the ransom to the hackers. We are not going to pay the ransom, because that only supports criminal activity, and there is no guarantee that the hackers would provide us with the key we need to decrypt our files if we paid. With the assistance of our insurance carrier, VACORP, we have hired cybersecurity experts who are working with the FBI to investigate the incident.”
Carter said, “We do not believe any personal identifying information was taken by the cyber criminals. Instead, much like a classic bank robbery, we are being 'held up' and asked to pay big dollars to allow us to regain access to our data. We are going to use our data backups to rebuild our servers, rather than pay the ransom.”
As of Wednesday, parents did not have access to ParentPortal. Anyone with questions can call the school board office at 276-783-3791.