Leaked image shows ransomware attack hit Linn-Mar School District

MARION, Iowa (KCRG) - Leaked screenshots show the Linn-Mar School District is dealing with a ransomware attack much more severe than the “technical difficulties” the district has described to staff and parents.

A staff member shared with TV9 screenshots from district computers showing a warning message stating “all your files have been encrypted by Vice Society”. The warning goes on to threaten to upload those files to the dark web unless the user contacts them to purchase a key within 7 days. The notice does not give the cost of that key.

In email notices sent to staff and parents on Monday, the district has only described “technical difficulties” with its computer network that has prompted it to limit physical access to district buildings for the rest of this week. The note says it is working with “third-party specialists to investigate the source of this disruption, assess its impact on our systems, and to restore full functionality to our systems as soon as possible” and that the district’s network and phone systems are down.

TV9 reached out to Linn-Mar administration Wednesday to confirm the ransomware attack but has not received a response yet. TV9 asked earlier this week if the district was facing a cyber-attack but district spokesperson, Kevin Fry, would not confirm or deny that description, saying only “that’s really all we know at this point.” It also did not respond to a question on whether the district would be ready for the first day of school, which is less than three weeks away.

Ransomware is an increasingly common threat to business and government computer systems in which hackers lock up a computer network and demand a ransom in order for users to regain access to their files. Vice Society is a ransomware gang of hackers that has been involved in several ransomware attacks globally, including the city of Palermo, Italy in June and the Medical University of Innsbruck in Austria last month.

PCRisk.com describes Vice Society as using a form of malware or virus spread through downloading and opening a malicious file. It warns “decryption is impossible if the cyber criminals are not involved” but warns “it is expressly advised against meeting the ransom demands - as victims often do not receive the decryption tools despite paying.”

Ryan Harvey, who is a security consultant at a cyber security company called Winsor Consulting, said it’s difficult to know how long the district will deal with the effects from the attack. Regardless if the district pays or not, he said people involved in the district need to change their passwords since there is no guarantee the data wasn’t already exposed.

“There’s still a chance that they could have copied your files,” Harvey said. “They could have still sold every bit of information on the dark web after, you know, you even pay the ransom and get it back.”

Harvey said ransomware attacks are becoming more common since the malware is easy for a user to deploy and people can buy it online.

A spokesperson for the Cybersecurity and Infrastructure Security Agency, which is the federal agency overseeing cyber threats within the Department for Homeland Security said it is not involved with the Linn-Mar Community School District’s response to the attack.

It’s unclear if this attack is connected or similar to the cyber-attack that hit Cedar Rapids Schools last month, forcing the district to shut down for a week. The district has said law enforcement and lawyers advised it not to give any detail about what happened. It has notified nearly 9,000 current and former staff that their personal data has been exposed in the incident and has said it is still dealing with computer system issues from the attack that may impact the start of the next school year.

Copyright 2022 KCRG. All rights reserved.