CONWAY, SC (WBTW) – The Horry County school system remains locked out of several servers after a ransom computer virus got into the system last week.
Charles Hucks is the executive director of technology for Horry County Schools, he’s had non-stop 20 hour days this past week to try to restore locked up data. The virus was discovered last Monday. Servers were immediately shut down to stop the malware from spreading further, and that did interrupt some online services.
Hucks says HCS was not targeted to gain access to data, but a high-level encryption was used to lock up the data on the schools’ servers. As far as they can tell, nothing was stolen or removed, and staff and student information is safe.
Hucks says they have been able to back up most of the lost data, but 25 servers with information for elementary schools are still encrypted with no way to get in.
“And the only way we’ll get it back is to pay,” said Hucks.
Administrators approved an $8,500 ransom to unlock the servers, but they’ve had trouble making the payment. Hucks says the ransom had to be paid in Bitcoins, but purchasing them is more difficult than going to your local bank.
The digital currency is available online from dealers in the U.S. and abroad; so they are being careful who they make a purchase from.
“In the next few days we should know. We’re going server by server, back up by back up, to see exactly what we have and the time that it takes to back up, so that will be a business decision,” said Hucks.
Hucks says they’re willing to pay because it’s a small amount compared to the man hours already lost trying to solve the problem.
Even if the ransom is paid, and the data restored, there’s no guaranteed way to stop the same kind of thing from happening again, although Hucks says a repeat attack is highly unlikely.
“From what we know from this variant, it does not have a component that sticks around. That is not typically the objective of these types of malware,” said Hucks.
Hucks says beyond looking for anomalies and keeping software patches up to date there is simply no guarantee there’s not a virus still lurking.
“That’s most technology management folks worst nightmare is, for there to be something in the network and you don’t know it’s there,” he said.
Hucks says viruses and malware are more and more common, so they are stepping up their security.
“External visibility of servers and access and account level changes,” are areas he’s looking to improve security.
Horry County Schools was even investigating the possibility of hiring an outside security provider a month before the attack, they were just waiting for an official proposal when hit. The school system did reach out to SLED and the FBI, but Hucks says there is simply no way to determine where the attack came from.
Hucks believes the breach occurred in an older server with software that contained out of date applications.