harker-schooljpg-2505c0d27ef8f91e.jpg

(File photo)

The New Jersey school district whose entire computer network was being "held hostage" for bitcoins and being forced to postpone the PARCC exams is still compromised Tuesday afternoon.

Technicians at the Swedesboro-Woolwich School District, which is home to four elementary schools in Gloucester County, discovered that its entire network was down Saturday morning when they received a ransom message asking for 500 bitcoins -- an online currency popular in underground markets.

While the bitcoin market is volatile and the exchange rate fluctuates greatly, as of Tuesday afternoon, 500 bitcoins is equivalent to about $124,000.

Swedesboro-Woolwich's IT department, along with assistance from the Educational Information Resource Center (EIRC), which has volunteered employees to help, are working to restore the systems and law enforcement was notified Tuesday morning.

Woolwich Township Police, the Gloucester County Prosecutor's Office's High Tech Crimes Unit, New Jersey State Police, FBI and Homeland Security are involved in the investigation.

The breach has affected the district's entire system, from email communication and online resources to the PARCC exam, which is taken entirely online, as well as Excel spreadsheets and .pdf files created by staff members, Superintendent Terry Van Zoeren said.

"We are still a long way from being fully operational," he said. "We have to work to restore the functionality of all of our computers."

With the systems down, teachers and students are "operating like it's 1981," Van Zoeren said Monday afternoon, but the teachers have done a good job of rolling with the obstacles.

"The teachers did a great job of moving forward and picking up the pieces and making sure the kids had a successful instructional day," he said.

While the prosecutor's office has been involved in similar hacking incidents at local school districts, this is the first occasion they have seen an extortion attempt.

"Certainly any breach of any public computer system, especially a school, is extremely serious and we're doing everything we can to assist the school district and identify the person or persons responsible," Dalton added.

The district has restored encrypted files and its servers are in the process of being restored to remove any trace of the malware -- known as ransomware -- and the email and other systems are being restored, a post on the district's website reads.

"Ransomware is distributed via spam email attachments, applications that are contaminated, or websites that are hacked by criminals," the post says. "Once discovered, the district took steps to contain the infection and began the process of cleansing and rebuilding."

Student data is not expected to have been affected at this point, according to Van Zoeren.

"The way this ransomware works is different from a lot of viruses you might have heard about or read about," he said. "A lot of time a virus comes in, attacks a system and destroys it. Ransomware is more like an octopus. It's tentacles wrap around your data. There's no destruction or extraction."

As it is an ongoing investigation, possible charges for the perpetrators are not yet determined, Dalton said.

---

Rebecca Forand may be reached at rforand@southjerseymedia.com. Follow her on Twitter @RebeccaForand. Find the South Jersey Times on Facebook.