malware bug.JPG

 Ohio School Students Sent Home Because of a Malware Infection

TrickBot infections impacted PC fleet, phone and HVAC systems.

An Ohio school district was forced to send students and some of its staff home on Monday after a malware infection caused major issues to it’s IT infrastructure.

What was surprising was that the malware infection was not a ransomware attack, as most experts would have expected, but a banking Trojan. Which we just reported on in last month’s article about a Q-bot a Trojan virus infecting businesses through phishing attacks.

In this newest instance, the malware that brought down the school district's IT systems is named TrickBot, according to a Facebook post published Monday by officials from the Coventry Local School District in Ohio.

Officials said they were infected last week, but only discovered the infection on Friday. Despite working to restore impacted systems, the school district's IT staff were not able to finish their recovery efforts over the weekend.

Lisa Blough, the Coventry Local School District, told local media that the school didn't suspect any of its 2,000+ students for purposely infecting the school's network with TrickBot, and that "one of the first computers infected was in the treasurer's office."


The FBI has been counseling the school district and helping with recovery efforts. In mid-March this year, the Department of Homeland Security sent a warning about an increase in TrickBot attacks.

The malware started as a banking Trojan specialized in stealing credentials for banking portals, but changed it’s tactics around 2017, when it was re-purposed into a multi-purpose malware platform which increased it’s reach of victims.

Recently, TrickBot users infect computers with their malware and often rent or sell access to infected computers to other cyber criminals on the black market.

The Emotet and Q-Bot banking Trojans also use this tactic as well. In recent months, many ransomware incidents have been tracked down to initial infections with either Q-Bot, Emotet, TrickBot viruses.

Security researchers often warn that the newest infections should be treated with the highest-priority because they can easily turn into more damaging attacks. For the vast majority of cases, the TrickBot crew uses spam email to infect victims.


It is unclear how this started for the Coventry Local School District network last week to force officials to shut down their IT network, but if we take Blough's word for it, it was pretty serious.

"It seemed like once one machine was infected, 10 more were right behind it," Blough told News5 Cleveland. "Soon the whole network essentially stopped functioning."

In a separate interview with the Akron Beacon Journal, Blough also said the malware brought down the school's phone and HVAC systems. To recover from the attack, the school's IT staff reinstalled over 1,000 computers.