Ransomware makes California nursing school feel ill

Instructor brought malware in from home through USB drive.

Credit: Photos.com

About three months ago, an instructor at Gurnick Academy, a California-based nursing school, had his biggest fear come alive. When he tried to access his lectures, the files were encrypted. The teacher was literally locked out of his classroom.

If it wasn’t for a quick acting IT department, the entire school might have been in the same situation. They noticed the incident at the early stage and managed to prevent the encryption from spreading by disconnecting the infected device from the corporate network.

Val Paschenko, IT department manager at the school, said the instructor was met with a ransomware note demanding 1 bitcoin or $740 in exchange for the files to be decrypted. The instructor called support and requested to get his files back, but it was already too late. He lost some recently created files, and he needed to redo some of his work. It took a few hours to reinstall the OS and configure everything; obviously during that time he was not able to work on his PC. 

However, it did not end here he also had Google Drive sync running, and it replicated all encrypted files to the Google Drive. He said professors often work from USBs and use (and sync to) Google Drive because this gives them a lot of flexibility to prepare for lectures from anywhere.

“For the malware, we believe that it originated on the instructor's personal computer or elsewhere. Before this incident [the instructor] mentioned that he had experience with some virus issues on his personal computer. We think that he wasn't able to open some files while working on his home PC and decided to give it a shot on an office PC but can’t be certain,” he said.

The data lost comprised lectures, presentations and perhaps some personal data. Usually, a teacher spends 16 to 24 hours to design a new lecture, which costs Gurnick about $800 to $1,200. Gurnick teachers store these lectures on Google Drive. During the school year, teachers prepare about 30 lectures. If a data loss disaster happens to one or more employees, this may cause a financial hit of at least $30,000, which could be a huge loss to an organization of Gurnick's size.

“As an IT manager my biggest concerns are for data such as personal info, financial info and so on. And for instructors, their PowerPoints are very valuable simply because they spend a lot of time preparing them for lectures,” he said.

What ended up happening? The instructor did not pay the ransom and agreed to lose all infected files. As a result, the school looked for a product that could if not prevent another attack, at least give them a better way of backing up the system.

For its corporate data, the school has a completely different backup system now and this data is kept in-house, he said, adding that they are not utilizing cloud systems.

“The vast majority of ransomware we encounter are Trojans, not viruses, that's why our anti-virus couldn't detect the ransomware attack in this case. Knowing that majority of our instructors are using Google Drives for storing and syncing files to avoid this type of incidents we decided to look for some prevention mechanism, and this is how we found a cloud based fully automated daily backup solution for our organization,” Paschenko said, citing Spinbackup as the product of choice.

When the IT department looked for a cloud-based disaster recovery solution on the market, they found that not many cloud-to-cloud backup providers offer a "snapshot" backup or "restore in time" option for the entire account. “That allows us to restore damaged data with a click, which normally saves a lot of time,” he said. “This snapshot type of backup is indeed a life saver. Plus we were very surprised to find that [Spinbackup] also have an advanced cybersecurity solution that helps us to monitor and manage third-party apps that have access to our corporate data.”

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
How much is a data breach going to cost you?