Athens ISD has recovered its school data and will not pay a ransom payment after a cyber attack locked their server data, the school district said Friday.
On Wednesday, the Athens ISD board of trustees voted to authorize payment of up to $50,000 to cybercriminals. This decision came after the district’s tech team became aware of the attack on Tuesday that encrypted years of vital data stored on school servers.
While the school board authorized possible payment, the district’s IT department, with help from regional and federal cyber response teams, executed a protocol hoping one of the backup systems would have uninfected data.
On Thursday, the second backup server was analyzed to find an uninfected Skyward backup only a few days old.
“It felt incredible,” AISD Technology Director Tony Brooks said. “The Skyward database is the most important one we have.”
Skyward went back online Friday, which makes it possible for student registration to continue for a virtual return to school. At this time, the Aug. 10 start date is set to remain in place, but an announcement will be made soon if more time is needed for recovery, according to the district.
“We’ve built a new domain controller and recovered Skyward, but we have a lot of work left to do. Everything will be brand new when we’re done. We have to make sure all the data is clean,” Brooks said. “We won’t be able to recover data from employees’ individual computers. We’ll have to go to every computer in the district and install new hard drives.”
After these successful recovery efforts, Athens ISD said a ransom will not be paid.
“Though the payment was approved, we never stopped trying to find a solution,” AISD Superintendent Dr. Janie Sims said. “The board deserves credit for recognizing how dire the loss of data would have been to our district, requiring months to rebuild, delaying the school year significantly, and ultimately costing us much more than the ransom amount.”
Brooks added that the ransom price was negotiated down to $25,000 while the tech team worked on the recovery.
Engineers with the cybersecurity firm Fortinet confirmed to AISD that there’s no evidence of data being removed from district servers by the criminals. Fortinet also said the virus originated from overseas and appears to be new.
“They are able to tell if any data left our district by looking at our logs,” Brooks said. “And there is no sign of data removal. We have no reason to believe anyone’s personal information was taken.”
Sims thanked Brooks for his hard work and said she appreciated assistance from the Region 10 Educational Service Center, Fortinet, and the Center for Internet Security.
The district said the effort to identify weak spots and make improvements in the online security protocols is ongoing.
“Cybercrime is getting worse and worse every day,” Brooks said. “It’s a huge battle. No amount of money can keep any organization totally safe.”