Progress is being made to decrypt files in Port Neches-Groves Independent School District hit by ransomware with complete restoration expected by Monday.

“It’s truly a miracle we have made as much progress as we have in the amount of time we have,” Assistant Superintendent Julie Gauthier said. “All of the credit goes to our IT department, who has been working 24/7 since Tuesday morning.”

As of noon Friday, 551,000 out of 5 million files had been processed and decrypted. Internet access is back and student access is back, individuals can now work in the Word program and continue with business — the only problem would be if someone needed to access a file that had yet to be decrypted.

The Federal Bureau of Investigation has been investigating the matter, and Gauthier believes the suspects belong to an organization outside the U.S. and are not students or employees of PNGISD.

The district was hit by a cyber security attack that was noted at 7:30 a.m. Tuesday when employees attempted to clock in to work.

Gauthier said this is not a security breach that people are used to hearing about but a cyber security attack. All district files were encrypted and unable to be read, and cyber attackers were holding them for ransom.

In ransomware cases, the cyber attacker does not plan to sell the information but hold the files until a ransom is paid, usually in bitcoin. Once paid, a key is given to recover the files.

“The district was able to negotiate access to get the decryption key,” Gauthier said.

The issue of cyber attacks is so widespread that PNGISD has a rider on its insurance policy to deal with cyber attacks.

“This is more about being prepared and educating people on what to click on,” she said.

Gauthier said it appears the cyber attackers created an icon that looks like that of Google Chrome that appeared so authentic it was hard to detect. The ransomware may have been in the system for months before it was actually released, she added.

“We have lots of firewalls and definitely have programs to help, but in the end if it’s suspicious don’t open it,” Gauthier said. “If it’s not an email you are expecting or from someone you know, our advice is to delete it. If they really need you, they can email you again or give you a phone call.”

Gauthier said the school district’s Information Technology department took the issue very seriously.

Bringing everything back to normal has been a labor-intensive task.

Robert Johnson, network supervisor with PNGISD, said there are nine campuses, two administration buildings and the alternative education center that were hit to varying degrees. Workers in the IT Department had to check every station in the district to see what machines are encrypted.

No data was lost or shared as the culprits only wanted to deny access as a way to financially benefit them, he said.