KWWL reports:
In a message to families and staff on Friday, the Cedar Rapids School District (CRCSD) said it paid a third-party entity in an attempt to stop vital information from being released during a recent cyber security incident.
The letter sent to parents, viewable on KWWL’s site, says:
As part of the process to resolve this matter, CRCSD made payment to a third-party entity to ensure critical information that may have been accessed was not released. We made this decision after consulting closely with cyber security experts and legal counsel and determining it was in the best interest of our school community.
Read more at KWWL.
The attack had occurred over the Fourth of July weekend , and the district was still struggling to recover from it weeks later. The letter to parents does not indicate how much the district paid. Nor does the letter suggest that the payment was for any decryption key, but rather to prevent the leak of personal information exfiltrated by unnamed threat actors.