SUMMIT COUNTY, Ohio — Students will be back in class on Tuesday at Coventry Local Schools following a recent infection of the 'Trickbot' virus that forced the district to cancel school on Monday.
The FBI has joined the investigation of the infectious virus in the district's network and computer systems. The district says that the FBI informed them that organized crime is behind the cyberattack.
In a post on Facebook and a robocall to parents, Superintendent Lisa Blough says the infection happened at the end of last week.
"Even though our district technology team has been working diligently to stop and fix the situation, the process is proving to be long and painstaking," Blough wrote. "Since we cannot guarantee that the necessary operating systems will be up and running tomorrow, it is in our students best interest and welfare to cancel school. Therefore, Coventry Local Schools will be closed tomorrow Monday – May 20."
Blough says the 'trickbot' is a virus that seeks out personal and financial information.
It's why the district has frozen its banks accounts. The virus also compromised security systems in the district's buildings, as well as the heating and cooling. And Blough also said at least two staff members reported that their Amazon accounts were accessed. One teacher found out that their account was used to buy computers.
There's no word on what other personal information may have been compromised, but Blough has been encouraging staff and others to change their passwords – including parents who have access their students lunch accounts.
For now, students and teachers will be able to use Chromebooks and Apple products to get through the rest of the school year.
There are about a thousand devices that will have to be cleaned and reprogrammed, a task that may take up the summer months.
Blough issued a robocall to parents on Monday evening indicating that all schools will reopen on Tuesday, and extra security will be provided to make students and parents feel safer.
Gary Frank, who is a Coventry graduate and a current Coventry parent has donated Tuesday's security services from his private security firm, Typhon Security.
What is Trickbot?
The Trickbot virus was originally developed in 2016 as a Windows-based "Trojan Horse" malware, meaning that it hides in seemingly friendly emails and links, ready to be unleashed by an unsuspecting user.
"It is considered to be the worst by the FBI today, " said cyber security expert, Ken Fanger, president of Cleveland-based consulting firm, ON Technology Partners.
Fanger says any user can be easily fooled by a fake email, with links or attachments that look legitimate.
"You click on the link, and it looks like a real link, and it'll take you, and redirect your link, and that's where you get the bad link," said Fanger.
Once the Trojan is inside the network, it finds cached bank and financial passwords, which is how the schools employees' Amazon accounts were hacked to purchase high-ticket items.
So has the Chrome browser ever asked you if you'd like to save your password? Fanger says to never allow it, and adds it's good practice to frequently clear your cache. To do this, press the CTRL key + H. Click on "Clear Browsing Data," then "Clear Data."
Better yet, Fanger suggests using Chrome's incognito mode, which can be found by clicking on the three dots in the upper right corner on a mobile or desktop page, and selecting "New incognito window."
The most important rule: Never click on an unconfirmed link or attachment. Fanger says you should call or email the sender separately to confirm that the link or attachment is legitimate.
It's an inconvenience, but it's a rule that Fanger himself admits, he violated in 2007, and it cost him $40,000 in repairs.
"Just remember they [the criminals] know that it's tough to pass up on that link or attachment," he said.