About three months ago, an instructor at Gurnick Academy, a California-based nursing school, had his biggest fear come alive. When he tried to access his lectures, the files were encrypted. The teacher was literally locked out of his classroom.
If it wasn’t for a quick acting IT department, the entire school might have been in the same situation. They noticed the incident at the early stage and managed to prevent the encryption from spreading by disconnecting the infected device from the corporate network.
Val Paschenko, IT department manager at the school, said the instructor was met with a ransomware note demanding 1 bitcoin or $740 in exchange for the files to be decrypted. The instructor called support and requested to get his files back, but it was already too late. He lost some recently created files, and he needed to redo some of his work. It took a few hours to reinstall the OS and configure everything; obviously during that time he was not able to work on his PC.
However, it did not end here he also had Google Drive sync running, and it replicated all encrypted files to the Google Drive. He said professors often work from USBs and use (and sync to) Google Drive because this gives them a lot of flexibility to prepare for lectures from anywhere.
“For the malware, we believe that it originated on the instructor's personal computer or elsewhere. Before this incident [the instructor] mentioned that he had experience with some virus issues on his personal computer. We think that he wasn't able to open some files while working on his home PC and decided to give it a shot on an office PC but can’t be certain,” he said.
The data lost comprised lectures, presentations and perhaps some personal data. Usually, a teacher spends 16 to 24 hours to design a new lecture, which costs Gurnick about $800 to $1,200. Gurnick teachers store these lectures on Google Drive. During the school year, teachers prepare about 30 lectures. If a data loss disaster happens to one or more employees, this may cause a financial hit of at least $30,000, which could be a huge loss to an organization of Gurnick's size.
“As an IT manager my biggest concerns are for data such as personal info, financial info and so on. And for instructors, their PowerPoints are very valuable simply because they spend a lot of time preparing them for lectures,” he said.
What ended up happening? The instructor did not pay the ransom and agreed to lose all infected files. As a result, the school looked for a product that could if not prevent another attack, at least give them a better way of backing up the system.
Sign up for CIO Asia eNewsletters.