Neenah School District Insurance Policy Limits Personal Expenses in Jan. 10 Ransomware Attack
reader question: Did the Neenah School District end up paying a ransom to solve the January 10 attack on its information systems? If yes how much ? Does the district have insurance to cover this type of incident? What information was damaged or stolen? Has the culprit been identified?
Responnse: Much is unknown, at least publicly, about the January 10 ransomware attack that disabled the school district’s internet, phones, email, and other information technology, causing schools to close for a while. two days.
Jim Strick, the school district’s communications manager, said a ransom was demanded by the hackers, but he declined to disclose the amount or whether all or part of it was paid by the school district’s insurance company, Aegis. LLC.
“The lawyers were pretty clear,” Strick said. “They don’t want to know whether we paid or not, sort of because of threats of future attacks.”
One thing is clear. The school district itself did not pay any ransom. His disbursements were a $5,000 insurance deductible and overtime costs for two hourly employees working to restore the feature.
The district has also hired Green Bay’s Camera Corner Connecting Point to help with the recovery. “They’ve helped back up and restore many student iPads and Chromebooks,” Strick said. “We have a bill from them, but we’re pretty confident the insurance will pay for it.”
RELATED: Get to know the candidates for the Neenah School Board
WATCHDOG QUESTIONS AND ANSWERS: Duke Behnke answers your questions about local government
The school district restored its most critical systems in time to reopen schools on Jan. 13, but other aspects, like the school district’s COVID-19 dashboard, are still not functional, and there are no no timetable for full restoration.
School officials continue to investigate information accessed during the attack.
“At this point, we have found no evidence that any student or family information has been compromised,” Strick said.
The school district reported the attack to the FBI and provided information to aid in its investigation.
While running Aegis, Neenah worked with law firm Fisher Broyles, which handles ransomware attacks on school districts.
Strick said Fisher Broyles recognized the work of the hackers, describing them as “a known international group”.
“When they saw what happened to us, they knew who it was,” Strick said.
The insurance policy that caps the school district’s costs from the attack was put in place by Andrew Thorson, the district’s assistant administrator for business services, shortly before his death in 2020.
“He and Matt Anderson, our technical director, noticed that it could be a vulnerability, and thank goodness they did it,” Strick said. “It saved us a lot of money.”
Post-Crescent journalist Duke Behnke answers your questions about local government. Send your questions to [email protected] or call him at 920-993-7176.
SUPPORT LOCAL JOURNALISM: Our subscribers make this coverage possible. Click to view special offers from The Post-Crescent at postcrescent.com/subscribe and download our app from the App Store or Google Play.
This article originally appeared on Appleton Post-Crescent: Neenah Schools Insurance Policy Limits Costs of Ransomware Attack