The Rockville Center, N.Y. School District paid an $88,000 ransom to regain access to files that had been encrypted by Ryuk ransomware.
The attack took place on July 25, and according to a document sent to SC Media, the ransomware was able to avoid the cybersecurity measures the district had in place. The district's IT director shut down the computer network on July 26 to limit the damage, and district officials believe this move enabled their insurance carrier to negotiate a lower ransom payment.
"Because we were able to shut down the cyber attack early in the encryption process, the ransom demand was lower than typical. By finding ways to restore some of our data, the ransom demand went from approximately $176,000 to $88,000," the district said.
Rockville Center was charged the policy's $10,000 deductible.
The decision to pay the ransom was based on an evaluation of what it would cost to recover from the attack without the decryption keys; the less expensive option was to pay.
"After exhausting all of our own efforts to recover and restore our data, we found ourselves evaluating what data would be lost if no decryption tool was available. After an extensive and detailed analysis of the cost, time, and overall effectiveness of recovery without paying the ransom and its impact on students who had projects stored in files on the system, the District decided to pay the ransom to make the District whole," school officials said.
Rockville Center is hardly alone in having been attacked. School districts across the county have been struck with ransomware during the last six months, and the New York State Department of Education sent a warning to all the state’s districts on July 31 to be on the alert for potential cybersecurity incidents.
Paying the ransom demand is also becoming more common as more organizations have opted to take out cyber insurance policies, which can have coverage for paying ransoms. Recently, Lake City, Fla.; La Porte County, Indiana; and Riviera Beach, Fla. have all opted to pay the ransom demand in order to regain access to their data.