ITI Technical College latest victim of ransomware attacks

Protecting yourself from ransomware - Part 2
Published: Feb. 3, 2020 at 5:36 PM CST

BATON ROUGE, La. (WAFB) - A ransomware attack has “hampered but not paralyzed” operations at ITI Technical College in Baton Rouge, the vice president of the college, Mark Worthy, said Monday.

In an interview with WAFB Monday, Feb. 3, Worthy had strong words for the culprit.

“We’re not going to pay ransom. We don’t do that,” said Worthy. “It’s infuriating that [hackers] are allowed to propagate and there’s no solution. The amount of man-hours that I know our company is going to experience in recovery dealing with this is going to be massive. Just think about the loss of productivity.”

No personal information was copied or transmitted in the attack. Instead, certain files were encrypted and ITI staff was locked out of them. The staff was provided instructions to contact the culprit with ransom money for a “key” to unlock the encrypted files.

“Why pay it and you don’t even know if you’re going to get the key back?” argued Worthy.

Worthy says the attack began as a phishing email received in the administrative staff email system Monday, Jan. 27. The ransomware was able to embed in the system and place a “timebomb scheduler”, which initiated the attack overnight Tuesday, Jan. 28 into Wednesday, Jan. 29.

An IT administrator discovered issues with the school’s network around 2:30 a.m. Wednesday morning. By 3 a.m. the administrator raced to the school and disconnected all systems from the internet. Over the next 36 hours, staff worked to isolate impacted systems and restore services.

“The problem is we don’t have it deemed safe to plug the network in and get everything talking. So we’re at that phase in this recovery process where we’ve isolated everything, we’re bringing critical infrastructure back online as it’s deemed safe,” said Worthy. “It’s not optimal, but it’s in a functional, safe mode until we can deem everything on the network back to safety and plug it back in and get it back online.”

Among the systems still quarantined are those used for mass communication internally and with the public. So far, school officials have been using staff to disseminate information to students.

One person claiming to be a student told WAFB he/she was made aware of the issue, but wasn’t given clear information about whether data had been stolen or about the impact on the student body.

“It’s not that students were last on our priority. It’s just that until we could give the students good information, there’s no point in giving them bad information or no information,” said Worthy. “If we had any concern that there was a data breach here, ITI would be the first at warning everybody. That’s just the way we operate over here. Moving forward, we will be communicating as we get some clarity.”

Similar ransomware attacks have previously crippled Louisiana state agencies, city governments, and school systems.

The National Cyber Security Alliance recommends the following tips to fight off these types of attacks:

  • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark it as junk.
  • Pay attention to the website’s URL: Malicious websites may look identical to legitimate ones, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email.

Copyright 2020 WAFB. All rights reserved.