NBC

Ransomware Attack Targets Wolcott Public Schools

The school district’s computer system was attacked with ransomware at the end of the last school year, according to district officials.

As kids head back to the classroom in Wolcott, the district is trying to get all of their computers back from hackers.

“It halts everything. It halts all the learning, all the students, they suffer because they don’t get the education that they need,” said Jess Culali, who has three children attending class in the Wolcott Public Schools. “It’s scary that these hackers can do this from wherever.”

Wolcott Superintendent Anthony Gasper said the school district’s computer system was attacked with ransomware at the end of the last school year. According to the school’s superintendent, the staff was unable to access all of their internal files to get the data back. The Wolcott School District was asked to pay the hackers a ransom.

Gasper declined NBC Connecticut’s request for comment. Instead, he referred us back to his interview with a local newspaper. In the Republican American, he said, “Every computer in the district, every server, every network switch. It basically meant that every file that was stored on a network drive or a hard drive was locked."

Gasper said no student data was compromised. Working with IT experts over the summer, Gasper said the school district was able to get most of its data back, but with some files, including teacher lesson plans, still encrypted, he said he planned pay a ransom to get it back.

“If at all possible, don’t pay the ransom. When you pay the ransom you’re just perpetuating the cycle. That makes their attack successful and that encourages them to do more,” said Tim Weber, director of security services at ADNET Technologies.

Weber has worked in the security space for 25 years and says hackers are no longer just targeting big business and large government agencies. In the last five years he says schools and towns have become particularly vulnerable, because they depend so heavily on their computers and are more likely to pay the hackers who hijack their systems.

“It’s blackmail. That’s a blackmail scam. After they pay the ransom they can do it again. Stop it,” said longtime Wolcott resident Charlie Lanza. “We vote for these politicians to protect our tax dollars and they are held ransom for a blackmail scheme and they just reach into our coffers and pay the bill instead of fighting.”

Other taxpayers in town shared Lanza’s concerns.

“I don’t think they should pay the ransom,” said Betty Morse. “It just encourages more compromise of the system and people will just keep paying more money, my taxpayer’s money.”

Wolcott police were brought in, but not until Wednesday, after Chief Edward Stephens read about it in the newspaper. He said he was concerned that his department wasn’t notified sooner to protect the rest of the town’s computer systems. He also said the department may have been able to keep the district from having to pay the ransom, had they been brought in earlier to investigate.

Gasper wouldn’t say how much the hackers are demanding, just that the price tag isn’t “exorbitant.” He confirmed to the Republican-American that the amount was less than $10,000.

Weber said the deductible for cyber insurance is typically around that amount. He cited two recent examples of Florida towns each having to pay $500,000 to hackers. Their insurance paid the bulk of it, while the municipalities only had to cover the $10,000 deductible.

Still, some of the town’s taxpayers worry that paying up with leave it more vulnerable in the future.

“Once you give a ransom then they’re more likely to say we can do it again,” reasoned Culali.

Weber said victims of a cyber-attack are more susceptible to future threats, especially if they don’t take steps to protect themselves.

“They have to figure out how the attackers got in, how this event started, because if they don’t plug that hole then the likelihood is that they’ll get attacked again,” he said.

Several other Connecticut school districts were hacked last school year, but avoided paying a ransom because they had their files backed up.

We reached out to Superintendent Gasper and the entire Wolcott school board.

Board of Education member Kelly Mazza said she abstained from the vote related to the ransomware attack because she didn’t feel she had enough information.

“We were presented the ransom opportunity rather quickly at this week’s meeting because of the narrow timeframe to respond to the hackers so I was not prepared to vote,” she said in an emailed statement. 

Contact Us