JT recovers from malware attack

Jim Thorpe Area School District’s administrative offices recently fell victim to a ransom malware attack, but the district’s technology department recovered all affected files without having to negotiate with the hackers.

The Apple laptops which the district distributes to all students in grades 7-12 were not affected in the attack.

The district had all systems running back to normal within about a week.

“We had backups, we had all the right things in place, it just cost time and resources to get everything back up and running again,” said Jerome Brown, the district’s technology director, at the district committee meeting Tuesday.

The district discovered the virus the afternoon of the first day of school.

The virus was isolated to the Windows-based servers and PCs used by the district’s administrative staff. It immediately affected the servers which the district uses for its financial records and shared documents.

Then, every computer connected to that network became unusable. A message appeared on all the desktops saying that all the computer’s files were encrypted. The message provided an email address and said that the hacker would not release the encrypted files until they were paid in bitcoins, but it did not specify an exact amount.

The message also provided instructions on how to purchase bitcoins.

Brown said the particular virus is called Phobos, and is not uncommon, having affected businesses and institutions across the country. It most likely resulted from a person clicking on an unsafe email attachment or web link.

Brown said he didn’t believe it was targeted at the school district.

“It’s common, but it’s nasty in the sense that you’re not going to be able to decrypt it yourself. Either you have backups, you pay, or you’re in trouble,” he said.

A school district in Luzerne County recently paid over $30,000 to hackers who encrypted their files with a similar virus. They only had to pay $10,000 in the end because of insurance. The difference in that case was that the district’s backups were affected, Brown said.

Jim Thorpe Area’s backups were not affected in the attack. The district had hard disk and online backups in place. Brown said his staff disconnected the server, cleared off all of the data, and rebuilt the files from the backups.

It took less than a day to get the individual computers up and running. Most of the system was up about a week after the attack, and by Sept. 13, all systems were back to normal.

Brown said he is proposing several improvements in the wake of the attack. One is upgraded anti-virus software, which will hopefully prevent hackers from getting access to the system in the first place.

The second is an updated physical backup system.

Brown said the backup system was already in the district’s budget, and he is holding off another scheduled software purchase in order to afford the anti-virus software.

The third step is educating staff about clicking on links which are potentially malicious. The software, called KnowBe4, would educate staff on what to look for to avoid clicking on potentially unsafe links.

“It’s called social engineering, and that’s where the weaknesses are at. Trying to educate our staff I think is really important to do,” Brown said.