JOHNSON CITY, Tenn. (WJHL)- A ransomware attack against Smyth County Schools in Southwest Virginia launched an FBI investigation.
All student and employee information is believed to be safe after four servers and a few work stations were compromised.
“Ransomware is a type of malware that either blocks access to other machines on your network or your computer- more specifically it targets the file system and all of your data sitting on the machine,” says Ted Bradford, owner of Stable Convergence- an IT Company in downtown Johnson City.
Bradford said ransomware attacks are unique in the fact that they aren’t necessarily about taking someone’s data.
“Typically, ransomware attacks are not about stealing data- because that could be done more stealthily if you will. Ransomware is typically all about that money,” said Bradford.
He says that those who run these types of attacks want you to know that your system is being compromised- not the other way around.
“Folks who are extracting data, typically want it so they can either use it or sell it, if someone is trying to take your data, they want to be able to do that without you knowing,” said Bradford.
But- he says that attacks like the one in Smyth county aren’t as simple as opening suspicious emails.
“Any malware doesn’t have to be distributed in the “fake email” in the little PDF, this can come in a legitimate word document that’s hidden in the macro,” said Bradford.
What should you do if your system does come under a ransomware attack?
“Enterpol and Homeland Security both strongly recommend not paying: number 1-why encourage it, number 2-the percentage last year around this time- 17-18% got any data back,” claims Bradford.
…and the best way to prevent it-
“[Make] sure that your data is backed up if it happens. We also strongly suggest doing an image of your machine. An image takes a snapshot of your entire computer- all of your software, all of your files, as of that date,” says Bradford.