Thu | Jun 29, 2017

US$5,000 or else! - Hackers hijack data from 16 Jamaican schools and demand ransom

Published:Sunday | April 30, 2017 | 4:00 AMJovan Johnson
Ruel Reid: “We’re in a very difficult environment where security is concerned and technological breaches in terms of cybercrimes it is now upon us.”

Information belonging to more than 14,000 Jamaican students from 16 local high schools being stored on an online database hosted in the United States is being held hostage by hackers who are demanding US$5,000 to release the data.

The system, which suffered a similar attack six years ago, is used to generate school reports on students' performance. Parents also access it to monitor their children's progress. It does not contain information on teachers.

Michael Dingwall, the owner of SchoolManagerJa, developed in 2009, said that he discovered the problem last Monday and informed the schools and the Cybercrimes Unit of the Jamaica Constabulary Force.

"They have hacked into it and they have encrypted everything on the server. They scrambled everything on the machine. In fact, the machine is no longer usable. They are demanding payment. It's called 'ransomware'. That is what the police and the Ministry of Science, Energy and Technology are telling me," Dingwall told The Sunday Gleaner.

"It happened somewhere between last Sunday evening and Monday morning. I normally check every day, but I wasn't well Sunday, so I didn't do my daily checks. I found out and called the hosting companies and told them that something was wrong. When they did their investigations, they realised that the data has been scrambled," added Dingwall.

He said that further probing revealed a note with the demand for the equivalent of approximately J$640,000.

"I don't think they want the data. What they want is to prevent me from accessing the data unless I pay them. They are saying if I pay them, then they will send a decryptor key to get back the data."

But Dingwall, who said a Half-Way Tree data specialist has joined the probe, is adamant that he will not pay.

"I can't pay them. Even if I should pay them, it's almost certain they would not unscramble it because what they did is a crime. All I would be doing if I pay them is contribute to a crime to help them to do this to other people, and, perhaps, to come back and do it to me in the future."

In a high-profile US case last year, the Hollywood Presbyterian Medical Center said that paying US$17,000 (J$2 million) was the "quickest and most efficient" way to get back the hospital's systems.

That was one of the incidents in a 50 per cent increase in ransomware attacks on businesses around the world in 2016, Verizon, a leading US wireless communications provider, reported last week in its annual data-breach report.

Americans tend to pay as reports suggest that 64 per cent of ransomware victims meet the demands because cracking the software to get the locked data has proven even too difficult for the Federal Bureau of Investigations.

The Sunday Gleaner has been unable to get a comment from local law enforcement, but according to Dingwall, in his case, they can't do much.

"They have said there's not really much they can do because the hackers are overseas and are really good at what they do."

He has defended his system, saying that steps were taken over time to reduce the vulnerabilities, but "if they can hack major sites like the US Central Intelligence Agency's, then my site is vulnerable. Any site is vulnerable to hacking."

According to Dingwall, good news started trickling in late last week as some of the information was recovered and will be placed on a "new and more powerful server" being developed.

"We did everything possible to protect the data. We urge schools when they use the system to do their own backups - paper back-ups."

One of the 16 schools affected is Edith Dalton James High, and its principal, Angella Lafayette-Thompson, told The Sunday Gleaner that they have been using the system since it was established.

She said that the school has a backup for all the years except for the current school year.

"We would not be facing a problem right now. What will be coming up next is the end of year, and we're hoping that the problem will be fixed by then," said Lafayette-Thompson.

In the meantime, education minister Ruel Reid said that the Government would be reviewing how schools procure and use such systems with a view to implementing a policy to standardise the process.

The education minister said that the situation highlights the need for a standardised system: "At the moment, schools are allowed to pursue those initiatives on their own. There is no clear policy."

Along with SchoolManagerJa, there are at least two other systems that schools use, and Reid said that the situation has to change. "I'm a bit concerned about some of the software and the procurement."

He suggested that the changes could be reflected in an information and communication technology policy for the education ministry that was recently drafted.

"We're in a very difficult environment where security is concerned, and technological breaches in terms of cybercrimes, are now upon us."

jovan.johnson@gleanerjm.com

 

 

The 16 schools affected are:

 

- Camperdown High

- Northern Technical High

- Clan Carthy High

- Holy Trinity High

- Edith Dalton James High

- Glengoffe High

- Carron Hall High

- Denham Town High

- Morant Bay High

- Meadowbrook High

- Kingsway High

- Charlie Smith High

- Pembroke Hall High

- Marymount High

- Tacky High

- Yallahs High