Digital Forensics Dispatch
Digital Forensics Blog
by Sensei Enterprises, Inc.
School Board in Arkansas Approves Negotiations with Ransomware Hackers
December 8, 2022
In a recent article, Cynthia Howell of the Arkansas Democrat Gazette reported on a special meeting of the Little Rock Arkansas school board. During the meeting, the board authorized school superintendent, Jermall Wright, to enter into a “settlement” with the party responsible for a ransomware attack affecting the roughly 21,000 student district.
Third party computer forensic experts were retained to assist in mitigating and determining the scope of the breach. At the meeting, the investigation was characterized as ongoing but the forensic firm had confirmed that some data had likely been exfiltrated from the network, and not simply encrypted to be held for ransom.
Wright further explained that the district had notified the appropriate law enforcement parties and that they intended to cooperate with any law enforcement inquiries. The reports included an FBI Internet Crime Complaint report, or IC3.
The ransom, or settlement/fees as the board characterized it, is apparently $250,000. It passed in a vote of 6 to 3. The comments by board members, especially those who voted no, reflected the wider argument regarding how to best deal with attackers once a ransomware attack has been discovered.
One of the members voting no was quoted as saying “I cannot support paying criminals for criminal acts.” This member further pointed out that it would be impossible to trust the attackers to make good on the “deal.”
Another member, who did vote for paying the ransom, explained that they found the idea offensive but necessary to protect the school, its students and employees.
Anyone who has followed the rise and proliferation of these types of cyber-attacks knows that it is unlikely that the school district’s problem with this attack will disappear even if a ransom is paid for the data. Between the potentially stolen data and very real risk for another attack, they are likely still at the beginning of a long and difficult process.
Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology