Crypto-Ransomware Hijacks School District and Demands $125,000

While Ransomware usually demands payments between $200 and $1,000, a surprising amount of 500 bitcoins, equivalent to approximately $125,000, was recently demanded from a school district in New Jersey.

Several servers in the New Jersey School District were recently infected by crypto-ransomware that encrypted all their files. Email was down, files were inaccessible and PARCC standardized tests for the district had to be postponed. No actual data breach occurred; the attack severely crippled productivity for a number of days. Thankfully, the school district did not pay the ransom and instead restored files from a backup and set up their email system again. Despite the restore from backup, some past emails may not be recoverable.

Last year, ransomware operators demanded a ransom of 2,000 bitcoins (worth $803,000 at the time) from the City of Detroit. Thankfully, the city had backed up its files and was able to restore them without paying the ransom.

Both of these incidents emphasize the importance of backing up data regularly; this is still the best defense against ransomware. However, why did the antivirus programs at the New Jersey School District and the City of Detroit not detect the ransomware? According to the school district, the malware was so new that it was not detected by their current antivirus software.

How Can You Detect Ransomware?

If antivirus software cannot detect ransomware, then how can companies protect themselves against this type of threat? The answer is that no single anti-malware engine can be 100% effective in catching new threats. With over 450,000 new threats emerging daily, anti-malware engines need to detect new threats continuously, and will inevitably address different threats at different times. However, by using multiple anti-malware engines, companies can benefit from several detection algorithms and heuristics to significantly increase the malware detection rates, as well as their protection against new threats. With multi-scanning, only one engine needs to detect the threat in order for a company to be protected.

In addition to using multiple anti-malware engines, there are other technologies that can prevent infection from threats that might be currently unknown to antivirus engines. Document sanitization can prevent unknown threats by converting files to a different format and removing any embedded threats. For instance, many infections occur through Word and PDF files. By changing these file types to a different format, for instance Word documents to PDF and vice versa, any embedded threats can be removed, even if they are not yet detected by anti-malware engines.

Limiting certain file types as well as performing file type verification can also prevent malicious files from entering the network. By blocking potentially dangerous email attachment types, such as .exe files and password-protected zip files, a company's exposure to threats can be reduced. To ensure that spoofed files cannot bypass filters, it is important to perform file type verification and make sure that, for instance, an .exe file renamed to .txt is not able to enter the network.
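The file type verification described above, as an added example that is not OPSWAT's code or any product's implementation: the attachment is identified by its leading bytes rather than its file name, so a renamed executable is still caught, and a ZIP archive is rejected when any entry carries the password-protection flag. The `make_zip` helper and all attachments are constructed samples for the demonstration.

```python
"""Attachment file type verification (added example, not OPSWAT code):
identify a file by its magic bytes, not its name, and flag ZIP entries
whose encryption bit is set. All samples are constructed."""
import io, struct, zipfile, zlib

EXT_TO_TYPE = {"exe": "exe", "pdf": "pdf", "zip": "zip", "docx": "zip"}  # known signatures

def sniff_type(data: bytes) -> str:
    """Real file type from leading bytes, ignoring the extension."""
    if data[:2] == b"MZ":
        return "exe"  # DOS/PE executable header
    if data[:4] == b"%PDF":
        return "pdf"
    if data[:4] == b"PK\x03\x04":
        return "zip"  # .docx/.xlsx are ZIP containers too
    return "unknown"

def zip_has_encrypted_entry(data: bytes) -> bool:
    """Bit 0 of an entry's general-purpose flag marks it password-protected."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return True  # unparsable archive: treat as suspect, do not pass it

def verdict(filename: str, data: bytes) -> str:
    """Gateway decision for one attachment: 'allow' or 'block: <reason>'."""
    actual = sniff_type(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if actual == "exe":
        return "block: executable content"  # caught even when renamed .txt
    if actual == "zip" and zip_has_encrypted_entry(data):
        return "block: password-protected archive"
    expected = EXT_TO_TYPE.get(ext)
    if expected and actual != expected:
        return f"block: .{ext} extension but {actual} content"
    return "allow"

def make_zip(name: bytes, payload: bytes, encrypted: bool) -> bytes:
    """Minimal one-entry stored ZIP for the samples (flag bit only, no real cipher)."""
    flags, crc, n = (0x1 if encrypted else 0), zlib.crc32(payload), len(payload)
    local = b"PK\x03\x04" + struct.pack("<HHHHHIIIHH", 20, flags, 0, 0, 0, crc, n, n, len(name), 0) + name + payload
    central = b"PK\x01\x02" + struct.pack("<HHHHHHIIIHHHHHII", 20, 20, flags, 0, 0, 0, crc, n, n, len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

if __name__ == "__main__":
    for name, blob in {"report.txt": b"MZ\x90\x00" + b"\x00" * 60,
                       "invoice.zip": make_zip(b"invoice.exe", b"MZ" + b"\x00" * 30, True),
                       "photos.zip": make_zip(b"readme.txt", b"hello", False)}.items():
        print(f"{name:12} -> {verdict(name, blob)}")
```

A production gateway would extend `sniff_type` with the full signature table and also inspect archive contents recursively, but the decision logic stays the same.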

OPSWAT offers a number of security solutions to secure your network, including Metascan® multi-scanning, document sanitization and file type verification for clients, servers, web proxies & email servers. Policy Patrol Mail Security offers advanced email threat protection for mail servers, offering anti-spam, antiphishing, anti-malware and email content security. Gears allows companies to centrally monitor their devices from the cloud and ensure that they are compliant and malware free.
