Cybersecurity experts comment on RPS ransomware attack
ROCHESTER, Minn. (KTTC) – Thursday, Rochester Public Schools leaders confirmed the cybersecurity attack it’s been dealing with for nearly a month is a ransomware attack. Personal information belonging to some RPS employees is involved in the ransom.
Right now, the district is locked out of its data system.
“The attack encrypts data, encrypts files, encrypts the operating system. The users cannot access it. They can’t function,” CyberCatch CEO Sai Huda said.
Data is extremely valuable, according to cybersecurity experts.
“They’ll say hey if you don’t pay me, then guess what? We’ll leak your data and put it on the Dark Web and embarrass you. And we’ll also sell it,” Huda said.
Cybersecurity experts say these attacks are quite common, and it’s becoming an epidemic.
“My company CyberCatch, we scanned over 11,000 K-12 schools in the U.S., and we found nearly 7 out of 10 having vulnerabilities on their websites they aren’t even aware of,” Huda said.
These criminals will often go after schools and local governments.
“They don’t have the funding. They don’t have a lot of the tools and personnel available to be on top of this as good as someone else,” Sweet Cyber owner Michael Funk said.
Criminals will then test the ransomware before taking that same attack somewhere else.
“A lot of the times, with malware and ransomware they test it out on small spots and make sure that it does what they want and then they’ll go for much bigger targets,” Funk said.
RPS has alerted the FBI to try to track down who’s behind this, but it can be difficult to find them.
“They know how to get in. They know how to hide their trails. A lot of the times they’ll deal the log files or they will manipulate the log files, so you don’t really know when they came in, where they came in and who they really are,” Huda said.
Experts say resolving these incidents take a lot of time, and even when you think it’s over, there are still backdoors where criminals can attack again.
“Times get hard and oh by the way you paid me money last time so maybe you’ll pay me money again. They’ll use that backdoor, that tunnels that they created,” Funk said.
RPS has not paid a ransom at this time. No word yet on when the district will be back to full operational capacity.
Copyright 2023 KTTC. All rights reserved.