A school district in North Carolina intends to spend $314,000 on rebuilding more than a dozen servers affected by a malware attack.

On 27 December 2017, the board for Rockingham County School District held an emergency meeting and voted 7-1 to approve a 12-month, $314,000 service contract with Georgia-based technology solutions provider ProLogic ITS. The contract, which is currently pending review, will give 10 Level 3 and 4 engineers at ProLogic the necessary funding to rebuild 20 servers after the school district suffered a malware attack. It will also cover virus mitigation services offered by the provider, including on-site imaging for 12 servers and 3,000 client systems.

Greensboro News & Record reports that the monies, which will come out of the school’s unrestricted fund balance of approximately $5 million, will cover a total of 1,200 onsite repair hours. It’s estimated the cleanup won’t take longer than a month.

According to WMFY, the malware infection occurred on 11 December 2017 when employees at Bethany Elementary, Western Rockingham Middle School, and the district’s Central Office opened an “incorrect invoice” email that appeared to come from Rockingham County School District’s antivirus provider. The email used that lure to trick the employees into clicking on a Microsoft Word document containing Emotet, a trojan which injects itself into the networking stack and software modules of an infected machine. From those locations, the malware can steal financial and personal information, perform distributed denial-of-service (DDoS) attacks on other systems, and distribute additional banking trojans.

Tech Scout’s Kent Meeker is familiar with Emotet and says the malware is difficult to remove from an infected server. As he told WMFY in a separate article:

So if you click on something that you shouldn’t or didn’t know about it can immediately load that onto your system, and