The NY-based Syracuse City School District (SCSD) has found itself between a rock and a hard place after hesitating to pay cyber criminals a ransom to unlock its systems.
Ransomware operators struck the schools as early as Monday last week, leaving the district struggling for seven days now. School administrators didn’t know why their systems were failing until they learned they had been infected with ransomware.
A spokesman said an “attack froze the district from accessing our own systems,” according to local news outlet Syracuse.com. Citing a source familiar with the matter, the report also reveals that, “the unknown hackers’ demands keep increasing as the district misses deadlines for payment.”
The SCSD’s insurer is urging administrators to pay the attackers, but the school district is following the FBI’s standard advice in ransomware cases — refrain from paying the criminals. The FBI says attackers grow bolder each time their demands are met and they use the money to finance new attacks. In any case, they say, there is no guarantee that paying will yield a decryption key from the hackers.
It is unclear whether the FBI has stepped in to help or the SCSD is merely taking a page from the FBI’s booklet on dealing with ransomware.
“An FBI spokeswoman said she could not comment. She said the FBI does not confirm or deny its involvement in any case,” the report adds.
The district’s insurer is increasingly restless about the damage it will have to cover in case the ransom is not paid, sources say. A spokesman said the district had been instructed to keep details under wraps until a forensic audit is completed.
In recent months, several major cities across the United States have been struck by ransomware. In some cases, like the attack on Baltimore, city officials refused to pay thousands of dollars in ransom only to incur tens of millions of dollars in damages. In other cases, such as in Florida, cities struck by ransomware resorted to paying the hackers for the decryption keys.
Security experts worldwide, not just those employed by the FBI, agree that ceding to ransomware operators’ demands only fuels the next wave of ransomware attacks, keeping the bad guys’ business alive. However, there are instances where experts agree it’s not always possible to respect the rule of thumb, such as when healthcare systems are affected, potentially putting lives at risk.