EIRC Identifies Cause of Swedesboro-Woolwich Ransomware Infection

The Educational Information and Resource Center (EIRC) identified the root cause of a ransomware infiltration within the Swedesboro-Woolwich School District.

Swedesboro-Woolwich School District was hacked last weekend by malware that held the network hostage for 500 bitcoins. This attack disabled the district’s entire computer system network, suspending PARCC testing.

EIRC Network Engineers traced the virus to an internal Windows server. The attacker scanned public-facing IP addresses for open ports, and found ports that forwarded to this server. The attacker compromised the Windows server by using a set of vendor credentials with a weak password.

“The virus used a domain administrator account on the server to establish remote desktop sessions to infect all servers and workstations that were powered on at the time,” said Michael Procopio, Director of Technology Services. “However, the virus would have had the same results even if this server was a user-level account.”

The attack was not based in the United States. EIRC traced the virus’ traffic around the world but hit a dead end, as expected, according to Procopio.

Upon learning of the infiltration, EIRC offered a team of volunteers who have worked with the Swedesboro-Woolwich School District since Tuesday morning. EIRC staff initially assisted the district’s technicians to restore functionality of computer labs. PARCC testing resumed on Wednesday as a result of the combined efforts.

EIRC Network Engineers continued to work with the district to rebuild servers and trace the virus. EIRC's work with Swedesboro-Woolwich remains pro-bono.

EIRC’s Technology Services division provides technology support across the state of New Jersey, with solutions ranging from on-site staffing to infrastructure and installation services.

The Educational Information and Resource Center (EIRC) is a public agency specializing in education related programs and services for schools, parents, communities, and nonprofit organizations. EIRC has seen substantial growth in recent years due to increased partnerships with public and private foundations, colleges and universities, and other service agencies. EIRC, created by state legislation in 1968, has expanded from an ESEA Title III project located in a store front in Glassboro, NJ to a state-wide recognized agency located at Rowan University’s South Jersey Technology Park. Throughout the organization’s 46 years of service, the mission has remained constant and the employees have continued to create substantial programs to service the community of educators throughout the state. Programs also reach into more than 36 states and 15 foreign countries. For more information please visit www.eirc.org