Data Security

NC District Hit with Malware Costing $314,000 for Cleanup

• By Dian Schaffhauser
• 01/12/18

A North Carolina school district was hit with the Emotet virus, crippling its network infrastructure. Last week, Rockingham County School District Superintendent Rodney Shotwell held a press conference, in which he described how the district fell victim to a computer malware attack through users clicking on infected EXE files in their e-mail, under the subject heading, "Incorrect invoice." Clean-up is expected to cost $314,000.

Emotet, according to security firm Sophos, is an advanced network worm that drops "malicious payloads onto target computers." It's designed to steal a user's online banking details, and stopping it requires "every machine on the infected network to be protected with anti-virus."

The first clue that something was wrong at Rockingham came when Google disabled certain e-mail accounts because they were producing spam e-mails. That was followed by reports from users who couldn't connect to the internet through their web browsers. Malware mitigation and clean-up began at that time.

During the press conference, Shotwell explained that even after all of the infected computers at the district were cleaned and re-imaged, they became re-infected. At that point the district IT team called in the cavalry, including the U.S. Federal Bureau of Investigation, as well as local IT experts.

Rockingham also began working with ProLogic ITS for virus mitigation services for about a dozen servers and 3,000 client machines. While the $314,000 contract with the IT consultancy will bring in 10 engineers for a total of about 1,200 on-site hours, according to reporting by Rockingham Now, it will also pay for ongoing virus mitigation services for the next year.

"It's like a disease," said Shotwell. "We're trying to quarantine it. Right now, there's not a software out there for this malware that will enable you to clean the device and ensure that it won't come back." Even though the school system has used antivirus software for a "very long time" and updated its systems, the malware is designed to find those computers that haven't been updated and exploit them.

On the positive side, Shotwell added, the antivirus capabilities did "chew up the ransomware where it did not activate." As a result, "our data was never compromised because of ransomware. Our data was protected and saved."