Morgan County Schools’ computers hit by holiday ransomware attack

by Kate Evans

Morgan County Schools was one of many victims of a massive Fourth of July weekend ransomware attack that struck businesses and agencies nationally and around the globe.

A Russian-based hacker group initially demanded $70 million to stop the cyberattack.

School Superintendent Kristen Tuttle said at a July 6 school board meeting that the hack occurred on Friday, July 2 and was contained to some of their office computers.  Some individual machines were infected and some files were locked from the attack.  The group behind the hack wants school officials to pay money for the files to be released.

On social media, school officials said the attack was contained to their “internal network environment.”

Morgan County Schools’ technology department worked around the clock to deal with the issue for several days, Tuttle said.  Their internet servers are all stable.

Technology personnel checked all the computers in the school board office.  They’re now going through computers at all the schools to see which machines have been infected, she said.

Kaseya, a Florida software company whose subsidiaries   remotely handle security and IT infrastructure for small businesses and public agencies, was hacked last Friday.

Ransomware was imbedded in a software tool.  Computers were infected with the ransomware when they downloaded updates, Tuttle said.

Kaseya is a security company that is paid to protect networks, she said. They are working with several technology partners and Kaseya to resolve the situation and assess the extent of the hack and damage.  Some lost a lot of files. The FBI is also involved in the investigation. Those hit by the attack were not advised to pay the ransom.

Tuttle said in a phone call late last week that school officials are still figuring out how many computers were affected by the ransomware attack.  If the computers were on, they could’ve been compromised. The tech department is sweeping all the school computers now for malware.

Tuttle noted that some individual machines may need new hard drives.  Some files have been recovered and some have not.  County school officials have contacted BRIM, the West Virginia Board of Risk and Insurance Management, and made a claim, which they hope will cover some of the damages.

In response to questions from The Morgan Messenger on Monday if any student or employee information was involved in the ransomware attack, Morgan County School Board president Aaron Close said that the ransomware cyberattack is under investigation and they can’t speak to the types of files that may have been compromised.

The cyberattackers have files locked up and nothing has been released. Once school officials figure out the extent of the damage, the school system is required to release a statement about it, he said.   If the school system is made aware that any personal information has been lost, they will individually reach out to those people. At this time, Close said they are unaware of any personal information that has been lost.

“We survived COVID, now it’s ransomware.  We’ll work through it,” Tuttle stressed.