It's been more than two weeks since a school district in Massachusetts got hit with ransomware.
The district paid hackers $10,000 in Bitcoin for decryption keys, and this is what the district website still looks like on April 30, 2018:
And when you email the school superintendent for an update on what's happening, this comes back:
Leominster is about an hour west of Boston.
And if the Sentinel and Enterprise is accurate, this appears to be a case of a "quick ransomware fix" meeting up with reality: it is not as easy as it sounds.
"An email sent out by Leominster High School Principal Christopher Lord Tuesday evening made the timeline for addressing the hacking sound more indefinite.
'Due to some very sophisticated hacking, our mec.edu email system has been down for almost two weeks. It does not look as if our email system will be up again any time soon,' he wrote."
The paper also says the school lunch payment system is frozen.
To communicate with parents and each other, teachers have signed up for and are using Gmail accounts, according to CBS station DFW. And the decision to pay the ransom came from the town's police chief.
"Goldman, the police chief, said Deacon [the Superintendent] asked him for advice on the matter, and he told her to pay the $10,000 ransom. Goldman said there were some negotiations between the district and the hackers, and when the school system agreed to pay the ransom they were sent passwords to unlock certain files, as proof that the cyber extortionists could unlock the files.
Goldman said it is 'impossible' to track the cyber extortionists down."
The police chief told the CBS station that is why there is no pending criminal investigation in this case.
And that's one of the problems with cybercrime, isn't it? Too often it pays off with little or no consequence to hackers.
We recently saw the Secretary of Homeland Security speak, and she was talking tough: "I have a news flash for our adversaries. Complacency will be replaced with consequences."
I guess we'll see when that starts and how far it goes.