Clover Park School District investigating possible ransomware attack

PIERCE COUNTY, Wash. — Facing a “system outage,” the Clover Park School District is investigating why it’s “experiencing a technology issue,” a district spokesperson said in a statement.

“We are working with third-party cybersecurity specialists to investigate the root cause of this system outage and will provide more information as our investigation continues,” the statement reads. “We are also communicating directly with families regarding this issue. Students should have access to their classroom teams, and we have provided families with a copy of independent learning activities they can do at home. Students who will (attend) school tomorrow for in-person learning will continue on schedule.”

A tipster sent KIRO 7 screenshots of the technology issues, showing a blue screen that states, “Clover Park School District, you are f-----.” The screen also includes a link, which leads to another page with specific threats and instructions.

“Clover Park School District, you’ve been hacked,” the site states. “Pay or grief. Sensitive information will be shared to the public ... There are (not) any third-party solution(s) which can help you. But you can damage your information.”

Christopher Budd, a senior global threat communications manager with Avast Software, said he unforuantely recognized what was happening to the school district immediately.

“I hate to say it but it looks like the school district has fallen victim to a classic ransomware scheme,” Budd said.

Budd said ransomware hackers tend to use polarizing language to scare victims into paying the money demanded.

“It’s kind of like grabbing you by the shoulders and trying to scare the (expletive) out of you because that’s one of the tactics they use,” he said. “Whether we’re talking to a criminal in the real world or in the digital world, they all know how to play with people’s minds.”

The only goal of ransomware hackers is to get victims to pay the ransom, Budd said, while advising victims to not give in.

“If you pay the ransom, you’re basically emboldening these criminals to do this again in the future,” he said. “You’re literally relying on honor among thieves. We have seen instances where people pay the ransom and they don’t get their data back.”

Budd also said ransomware hackers will go above and beyond to achieve their primary goal, noting the hackers involved in the school district’s ordeal provided a chatting service to communicate with the district.

“You can literally get better support sometimes from ransomware criminals than you can for software that you paid for,” he said.

Budd said the best defense is keeping reliable backups for data, so operations can’t be disrupted by hackers.

“The chief thing that ransomware attacks do is deprive organizations of resources. That’s where backups can come in and get you back up and running, no pun intended,” he said.