October 08, 2019
The Cherry Hill Public School District has been without a fully functional computer network for nearly a week, preventing some employees from sending or receiving emails since Thursday.
A message on the Cherry Hill Public School District website on Tuesday noted the schools "are experiencing email and other technology-related outages", and thanked users for their patience.
Cherry Hill superintendent Joseph Melcohe confirmed the outages this week, according to the Courier-Post, and said he's focusing his efforts on getting the systems back online.
According to the Courier-Post, the outages are believed to be tied to a ransomware attack on the district's computer systems:
"However, some files within the computer system were reported to be encrypted and screens displayed the word, 'Ryuk,' which is associated with a criminal organization that demands ransomware payments to unlock affected computer systems."
PhillyVoice reached out to the Cherry Hill Public School District for comment, but didn't immediately receive a response. This story will be updated if we hear back.
Ryuk is a variant of ransomware, malicious software which can encrypt files on a user's computer and render them unusable until a condition is met. Ryuk was first seen last August and is responsible for multiple attacks around the world, according to a June report from the National Cyber Security Centre. Most recently, it's believed to be the ransomware variant behind an attack on one of Alabama's largest health systems.
According to security firm Crowdstrike, the group behind Ryuk is believed to be based in Russia.
Just last week, the FBI issued a public service announcement warning of increased high-impact ransomware attacks on U.S. businesses and organizations:
"Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information."
The FBI said in its PSA that it doesn't advocate paying the ransomware's demands because it incentivizes future attacks.