What We Know About the Ransomware Attack on Wolcott Public Schools

It’s been a difficult summer for Connecticut public schools when it comes to cybersecurity. In addition to the three Connecticut school districts hit by cyber attacks in late July, it recently came to light that the Wolcott public school district suffered a devastating ransomware attack months ago from which it has not fully recovered. No data was stolen, but a great deal of data was locked and held for ransom, much of which was not backed up. As a result, teachers are starting the new school year without key materials.

Kelser was interviewed by FOX 61 to help provide context when this story broke on August 28.

The following day, when it became clearer that there were plans coming together for the school district to pay the ransom, Kelser's Andrew Tyler provided comments for a WFSB Channel 3 story.

As Andrew explained, without a backup the school district is really left with no good options. They could ask teachers to start from scratch with the lesson plans and materials they lost, which would be expensive, time consuming, and frustrating, or they can pay the ransom.

In this case, the ransom likely isn't very high which is a silver lining to the situation but still far from ideal. Ransom demands can be as low as a few hundred dollars but we’ve recently seen ransoms paid out at over half a million dollars in the case of some Florida towns and demands balloon to over two million dollars in the case of a recent widespread ransomware attack in Texas.

We know the amount being asked for is less than $10,000 due to processes the school board is using to release the funds. However, paying a ransom to hackers has tremendous downsides and risks.

• The U.S. Government does not encourage paying a ransom to criminal actors.
• Paying a ransom often doesn't result in return of the data. Victims have no leverage to stop the hackers from simply taking the money and demanding more without returning any data.
• Paying a ransom perpetuates the industry of hacking.
• If the ransom is paid, but the vulnerability that let the hackers in isn't closed by adding new layers of security, the hackers likely will strike again.

Wolcott Chief of Police Edward Stephens acknowledges the risk of repeat hacking in both of the news clips above. Wolcott Mayor Thomas Dunn is a member of the United States Conference of Mayors, which passed a resolution this summer not to pay ransoms to hackers.

While it's very fortunate that student data hasn't been compromised so families don't need to worry (as much), it's clear that this is a lose-lose situation for Wolcott. The impossibility of the choice they have to make underscores the necessity of having a disaster recovery strategy – implemented and tested - as part of a robust cybersecurity solution.