NACOGDOCHES COUNTY, Texas (KTRE) - “A ransomware attack has affected some computers at Nacogdoches ISD, and district officials are now in the process of verifying the kind of virus involved and how many documents and functions have been damaged."
Above is the lead paragraph from a press release issued Tuesday afternoon. It’s the kind entities and public agencies dread having to write.
'The cybersecurity attack encrypted and locked files on PCs, so some of the district’s computer users cannot read them; the attackers do not have access to any of the information, wrote Les Linebarger," NISD’s executive director of communications.
Just hours earlier, Nacogdoches County Commissioners began the move to abide by a new state law requiring state and local governments, including school districts, to take annual cybersecurity training course certified by the state.
Each commissioner sat behind a computer, one of about 400 in the county, as they voted to enact cybersecurity training for each of the county employees.
“We will be monitoring it. And we will be enforcing it," said Judge Greg Sowell.
The measures are strict because the cybersecurity training course is state-mandated. They’re also because Nacogdoches County has experienced a cyber attack more than once.
"Yes, we have had it happen twice here," shared John Ericson, the IT director for Nacogdoches County.
Ericson said it was a ransomware attack, similar to one discovered today in Nacogdoches Independent School District. Ericson says files that are important to officials to taxpayers are unknowingly encrypted over days.
Then the message appears saying, “If you want to them back this is how much it’s going to cost you,” said Ericson.
Fortunately, Ericson's backed up server and IT knowledge beat the infections explaining why he never gets excited over a ransom the county never intends to pay.
Still, the attacks are annoying and dangerous. State-mandated training by all state and local government employees and contractors must occur at least once each year.
"The ways that they can become infected are limited to only by the minds out there trying to figure out a way to hack a computer,” said Judge Sowell. “And so it's going to be forever changing. It's going to be evolving and going. It's just like a confidence game. It's going to be changing, so we are going to have to change with it. "
The 45-minute online training course is free. At least five courses are written to enlighten government employees on how to protect information and the best ways to address security threats.
The deadline to take the training is June 14. Those who fail to undergo the training will lose computer usage.
Meanwhile, NISD has shut down its network to protect computers unaffected by the virus. The method of the attack is unknown.
NISD has contacted other agencies and vendors for assistance, including Microsoft, in re-establishing the district’s computer network, according to the district release. The Texas Education Agency and the FBI have been notified.