An Ohio school district closes for a day following banker Trojan infection

A school district at Ohio had to direct students as well as certain number of staff members to go back home May 21 because a malware attack resulted in the school's IT infrastructure confront major problems. But, astonishingly, it wasn't a ransomware infection unlike the expectation of many infosec experts rather the malware was one banker Trojan.

Officials of Ohio's Coventry Local School District posted on Facebook same day that the malware to be precise was Trickbot which was responsible for shutting down the IT infrastructure. www.zdnet.com posted this, May 21, 2019.

The infection, according to the officials, occurred earlier the week before; however, they detected it only Friday, May 17. As for restoring the affected machines, the IT experts of Coventry Local School District couldn't complete the task even during the weekend.

Superintendent Lisa Blough of the school district said because it couldn't be said for sure that the day to day operating systems would get fixed and workable the next day it was decided that school would remain closed on Monday next.

The cyber attack, which resulted in closure of the Coventry Local Schools while hijacked the district's PCs, shortly drew the FBI's attention. Ms. Blough during one phone interview with FBI agent learnt that the Trickbot malicious program contaminated the district's PCs.

Ms. Blough said the agent told her that the virus was created for grabbing money or banking information when it attacked its targets. Among the foremost PCs contaminated one belonged to the office of the treasurer. www.ohio.com posted this, May 20, 2019.

Understandably, Trickbot began its activity as banker Trojan which would filch credentials required for logging into banking portals, however, changed techniques during 2016-17 the period of its repurposing into multiple activities. Currently, the Trojan virus is used for infecting PCs while hand over their access on rent to other malware purveyors. Cyber-security website F-Secure states Trickbot controllers spread their ware through a file attachment on bulk e-mails.

Although not ready with an initial computation of how much effect the assault had on the school district's finance, yet Ms. Blough stated it would amount to considerable costs.

» SPAMfighter News - 5/24/2019