Column: How an East Texas school bullied a cyber attack

Published 7:10 pm Friday, July 31, 2020

Cyber attack.jpg

It’s happened to most of us, or someone we know. An email gets hacked, or a Facebook account and even a debit card connected to a bank account or credit card.

We’ve heard of companies being hacked as someone opened an email and clicked a link that caused a virus to enter the network, or someone connects to a server from the outside.



This week, it was a school in East Texas, and the results were as good as any crime show on television.

On Tuesday, Athens ISD realized something was wrong. The student files, including classroom assignments and much more, were on the server, but had a new name. The files were there but frozen or locked down. The jargon is “encrypted.”

Either way, with school starting Monday, the scramble began.

Most Popular

That’s when an email popped up. Subject: Ransom. The email was in broken English and demanded $50,000 to release the data back to the school.

The district had to make a decision.

There is no playbook for getting kids back to school during a pandemic. There are playbooks for server issues. There is not a playbook with a chapter titled, “How to deal with cyber terrorists demanding a ransom and holding valuable school data and files hostage during a pandemic.”

On the fly, Athens ISD came up with a Plan A and Plan B. The decisions were judged and talked about. While that was going on, they surprised everyone by coming up with a Plan C.

On Wednesday night, the board of trustees voted to pay the $50,000 ransom. Of course there is no guarantee they would get the data back, but there was a chance they could, and also not be attacked again.

Superintendent Dr. Janie Sims boldly made the announcement of the payment of the ransom. Athens ISD Communications Specialist Toni Clay was on television trying to explain the move. Meanwhile, computer experts were disagreeing with the decision and the ransom. The top comment seemed to be “this is a waste of taxpayers money.”

Just over a year ago, I was part of a corporation that was hacked. So I called the really smart computer guy who brought us back online in four days and was able to make sure no personal data was released. He said, “$50,000? They got off cheap. That’s a great deal. I hope the public understands that.”

I’m not sure they did.

With $50,000 to spend, the school decided to negotiate with the cyber hostages. Over the next 48 hours, they got the amount down to $25,000. The hackers came back with a final email, still in broken English, agreeing to that final amount.

What they did not realize is the coffee pot never shut off in the server room at Athens ISD as Technology Director Tony Brooks and his team were working around the clock during the negotiations and while the public was weighing in with opinions on the $50,000 payment.

Also, the school was dealing with a Plan B.

“No one was ever excited to be negotiating with these criminals, there were a few reasons the board and administration felt paying the ransom was the lesser of two evils,” Clay said. “Paying was upon the advice, on the advice of the federal cyber security team we were working with.”

Paying was also saving money. The district has insurance for these types of issues and only would have to pay the deductible. Or, hire more employees and have current employees working overtime for two months to get the server back up and all the files re-written by everyone from the cafeteria staff to teachers and administration. Bus routes, school policies — the list goes on.

It could cause a delay in school.

While all of this was being considered, the work continued on the current server. The coffee cups were building up. However, it was also discovered the current firewall was strong enough the hackers could not actually take the files and see them, use them or try to sell them. They also noticed a backup took place Sunday night. Not on the backup server, but the backup to the backup server.

This was like the third-string quarterback winning the Super Bowl. Brooks and his team found a Skyward backup system that was not infected with a virus or touched. It was only a few days old.

They had the data and could now go to work restoring it.

Like a winning coach, Brooks said in his victory press conference, “It felt incredible.” The server team won. I guess there is no “i” in server.

The school could now send out a final offer to the attackers — “zero dollars.”

Athens ISD will be delayed starting school until Aug. 10 as they get everything ready again.

There’s a saying, “Some things you just don’t learn in school.” In this case, that sentence is true, and because it happened in school, it’s also false!

Athens made all the right decisions and crafty negotiations no one saw coming. Sure it’s going to be a great lesson someday in the classrooms, but they also wrote a lesson plan for others.

John Anderson is the regional editor. He can be reached at janderson@mrobertsmedia.com .