14 Pinal County school districts hit with ransomware attack to payroll system

PINAL COUNTY, AZ (3TV/CBS 5) -- Several schools within Pinal County were hit with a ransomware attack last weekend, which could leave thousands of teachers without pay. According to the Pinal County school officials, hackers attacked the Pinal County School Office Data Processing Service Consortium system, which school districts use to process payroll. The 14 districts impacted are Apache Junction, Casa Grande Union High School, Combs, Coolidge, Florence, Maricopa, Mary C. O’Brien, Oracle, Picacho, Sacaton, Santa Cruz, Stanfield, Superior, and Toltec.

The Pinal County School Superintendent’s Office says staff have been working around the clock to restore access and say checks will be printed to 4,514 staff members in all districts. Employees are asked to wait for instructions from their school districts about when they can pick up their checks.

“The School Superintendent’s Office recognizes the difficulty this will cause employees of our school districts and wholeheartedly apologizes for the inconvenience resulting from this unfortunate situation,” the Pinal County School Superintendent’s Office said in a statement.

The FBI and Department of Homeland Security are working alongside the office to find out the cause of the attack. Officials say the payroll system isn’t connected to the Pinal County Government IT Network, so no other systems were affected.

“It’s a very big threat, and it’s only getting bigger. I don’t think it’s going away,” said Jim Summers, CEO and President of TeamLogic IT. He explained what happens during a ransomware attack. “They’ll encrypt the data and hold the key for ransom. The business will either have to recover from that or else pay the ransom to get their data back.”

Summers explained ransomware attacks typically start with an email containing a malicious link. It can take seconds for the computer’s data to be breached and minutes to fan out to a network of computers.

When asked what the School Superintendent’s Office could do after being hit, he said, “Assuming this data center has a backup somewhere that they can draw from, they’d be able to pull that data back into the system and not have to pay the ransom if they can recover all the data.” He said many hackers want payment made in BitCurrency.

Summers said phishing email trainings for employees in any business and multi-factor authentication are a good way to help prevent falling victim to ransomware attacks.

See a spelling or grammatical error in our story? Please click here to report it.

Do you have a photo or video of a breaking news story? Send it to us here with a brief description.