After a ransomware attack two weeks ago, Roseburg Public Schools has more answers on the attack’s origin and is hoping to have its email and website up and running by the end of the week.
Superintendent Gerry Washburn said the FBI believes the attack occurred using remote desktop protocols, rather than malware attached to a staff member’s email.
Remote desktop protocols were developed by Microsoft to allow those who work remotely access to office computers. Version 8.1 of the protocols enabled a “restricted admin” function, which left the system vulnerable to hacking. Microsoft released an 82-page document explaining how to mitigate attacks, which are called a pass-the-hash attack.
He said the district isn’t releasing specifics on how the attack is being resolved, but noted that a report is forthcoming.
Washburn said he’s expecting to receive an update about the district’s servers by Thursday from Navigant, the data recovery company.
“Initially we will only be able to send and receive new emails. Email history will be available to staff on the computer they normally used to send and receive email. Once the system is up and running, IT staff will have to scan email histories to ensure they can be safely uploaded to the new email platform,” Washburn said in a statement.