How Parkway School District Stopped Qakbot Malware With CrowdStrike Services

 

Your 20,000-user school district just got slammed by a virulent banking trojan, bringing your systems to a grinding halt. Now what? Parkway School’s Director of Technology and Innovation Jason Rooks explains why “reaching out to CrowdStrike ended up being our saving grace.”

"Our Saving Grace": Parkway School District Stops Qakbot Malware Outbreak With CrowdStrike Services

[MUSIC PLAYING]

People tend to be surprised by how big a school district is and how close to a commercial enterprise we can be. We support about 3,000 to 4,000 staff members and about 17,000 students. We average probably about 20,000 users.

We have fiber connecting all 32 district locations. Our workstation fleet, Chromebooks, Windows, Macs runs about 15,000 endpoints. We are as much of an enterprise environment as a lot of the big companies here in St. Louis.

[MUSIC PLAYING]

Our primary focus in the school district is the success and the safety of our students. While security is a part of safety, in a school district, that’s usually focused more on the physical safety of students. And so that’s where, obviously, a lot of our resources go to.

One of the big differences between us and a commercial environment is that I don’t have a security team. So in addition to being the director of technology and innovation for Parkway School District I also wear the security hat.

[MUSIC PLAYING]

Unfortunately, what we experienced was what we believe to be a staff member that clicked on a malicious link, which loaded the QAKBOT malware onto our environment. Because of the way it was structured, the QAKBOT malware used that individual’s credentials to then start propagating across our environment, spreading from one workstation to the next, to the next, to the next.

And in that moment of crisis, we were looking for any help that we could get. And full disclosure, CrowdStrike wasn’t the first person we called. But that first person we called, that was not a positive experience. And it really didn’t feel like a partnership. And we really didn’t feel like our needs were being addressed.

A lot of what this first partner had recommended we had either already done or considered common sense. This initial vendor wasn’t giving us– relieving that pressure. Wasn’t helping us in a way that we felt was really remediating a solution.

[MUSIC PLAYING]

When we engaged CrowdStrike it was a complete 180. It was, OK, now we found that partner that’s going to get us back to a stable operating point, and make us feel like we’re actually winning this battle against this malware that’s spreading like wildfire through our environment.

During a very chaotic 24 to 48 hours is we’re just trying to get our arms wrapped around what was happening. Reaching out to CrowdStrike ended up being our saving grace. So in literally 12 hours we had a statement of work around what we needed to accomplish, an agreement on how we were going to move forward. Then we had actually started deploying the CrowdStrike agent onto our workstation.

And so we could not get the CrowdStrike agent out fast enough. That’s how much of a– we consider that a pivotal point in our battle against this malware was as the agent was being installed on our workstations, we were seeing the stop of the spread.

[MUSIC PLAYING]

I was glad that we contained it to three buildings and about 1,000 workstations. And CrowdStrike’s agent played a huge part in helping us contain that. Because it immediately detected it, and quarantined it, and stopped it from spreading.

One of the more tense mornings for me was going to our superintendent’s action team, which is made up of our superintendent as well as assistant superintendents, our CFO, all of our district leadership, and report to them, OK, we’ve engaged this partner, CrowdStrike. We’ve turned a corner. We’ve stopped the spread of this malware.

Me being able to have the confidence to share that with them was big, because if I share that with them and then CrowdStrike doesn’t come through, that doesn’t bode well for my future. It’s a great feeling to have that partner that you know is not afraid to engage you, not afraid to challenge you, and is going to treat you as an equal. That allows me to then go and have those conversations with our leadership knowing and feeling and being confident that everything is going in the right direction.
