Ransomware Attacks Prominent Texas School District
RYUK Ransomware targets district just prior to its busiest time of the year
For teachers, coaches
and administrators, there’s a flurry of activity and a frenetic pace that
precedes the start of each school year, especially when you’re closing out a
busy summer session. There are hundreds of things to think about, but there’s
one issue most employees, save a few people in the IT department, rarely think
For one of the state’s
largest school districts, with over 30 schools covering a dozen cities,
wrapping up the summer term and preparing for the upcoming school year ground
to a halt once word spread that they were the latest victim of the devastating
RYUK ransomware. According to the FBI, RYUK has affected hundreds of
organizations in the past year. The perpetrators behind it prefer attacking
cities, school districts, and hospitals because they view them as being
especially vulnerable to cyber-attacks. For this school district, the ransom
totaled well into the hundreds of thousands of dollars, all to be paid in
relationships become long-term, trusted partnerships
The event occurred
late Thursday night during a week when all staff, save a few who oversee
critical functions, were off work. Due to the reduced staff, issues related to
network functionality and email weren’t recognized and reported for over 24
hours. To make matters worse, the original IT consulting company they had
brought in couldn’t address any of these issues.
It was late Friday
night when school officials reached out to Netsync, with whom they had prior,
but limited, experience. They would soon experience exactly why Netsync is
widely recognized as the go-to company for hundreds of school districts to
remedy IT related emergencies. They needed more than technological expertise;
they needed a company that exemplifies and instills a bend-over-backwards
attitude in every customer deployment to ensure they not only experience the
best that technology has to offer, but do it with network security top-of-mind.
They needed a technology partner that could act fast, work around the clock to
address and remediate their issues, and design and deploy a security solution
that would prevent future events from bringing their operations to a halt. In
short, they needed Netsync.
future threats, addressing existing ones
When Netsync arrived
that Saturday, the previously unnoticed attack had a protracted amount of time
to decrypt the district’s servers (within 36 hours, all had fallen victim to
RYUK). It was time for Netsync’s professionals to get to work, which they did
for the next 72 hours straight.
evaluating the situation, Netsync installed and configured Cisco Umbrella, which
is a cloud-native platform that delivers a secure, reliable and fast Internet
experience that blocks devices from command and control attacks. In addition,
Netsync deployed Cisco NGFW (Next-Gen Firewall) by the next morning, then
worked to get Cisco AMP (Advanced Malware Protection) deployed on over 8,000
endpoints. Cisco AMP is an intelligence-powered, integrated, enterprise-class
advanced malware analysis and protection solution. Thankfully, the district had
offsite backups, so restoring the servers was completed by Netsync in a timely
manner. As a result, there were no disruptions to schools’ operations.
In addition to
deploying Cisco NGFW and AMP to thousands of endpoints, Netsync deployed and
tested additional security services, including CES (Cloud Email Security),
which defends against phishing, business email compromise, and
ransomware, and Cisco Stealthwatch, a robust security
analytics tool utilizing industry-leading machine learning and business
modeling. The school district was the latest beneficiary of Netsync’s longtime
partnership with Cisco.
solution provides, among other things, breach prevention, rapid response,
remediation, and analytics to provide advanced detection while maintaining
visibility throughout the entire network.
Now the solution, and
Netsync, are providing peace of mind to the school district.