The Lyon County School District is recovering from a computer ransomware virus attack that happened in early July. The district says that students and parents’ information wasn't compromised.

All of the Lyon County School District's phones are finally working after a month of being down. The district says the phones are part of computer network that was shut down to prevent the virus from spreading. “It appears to have gotten into our network from a machine that was not from Lyon County that was connected to our network,” said Lyon County School District PIO Erika Cowger.

The district says that in this case the virus was ransomware.  “What happens in ransomware is that it will encrypt all the data and hold that data. What they will do is hold that data hostage until they get their payout,” said IQ Technology Solutions VP of Operations Tom Shandley.

The school district says it did not pay the ransom, but that its insurance company did negotiate on its behalf. Shandley says that although he is not involved in this case, that typically paying off ransomware actually works. “Surprisingly almost a 100% of the time we've had to make payment, they've unencrypted the data,” said Shandley.

He says in most ransomware cases, the virus comes disguised in an email. “A user will get an email from a trustworthy source. But in fact it is not trustworthy. They click on a link that will install an executable on their machine that will spread the virus throughout the network,” said Shandley.

If you don't pay the ransom, recovery from a ransomware virus is difficult but not impossible, especially if you're prepared. “If all your data were to be encrypted, even though it’s been jeopardized, you could restore your systems from backups. Then you can resume normal work functions,” said Shandley.

In Lyon County’s case, the district's IT department is thoroughly checking the system to make sure there is no trace of the virus, before bringing the network back up. “Our IT department is touching every single machine and every server. They are checking basically anything and everything that operates within our network,” said Cowger.

The district says that at this time those who have come back online are safe to do so. 

As part of the ransomware attack, the district's email has been down. Administrative staff can still access their email, but teachers right now will have to wait until that function is restored.