You may already know that ransomware is still on the rise and its devastating impact on organizations, but what you might not know is that attackers have lately focused on the US school system ranges K-12. In recent years, some school and hospital districts have been forced to pay the ransom when ransomware plagues the network. While hospitals were targets years ago, attackers have moved towards targeting the school system.
The most recent school district to fall victim to ransomware attacks was the Flagstaff Unified School District. Soon after, Connecticut’s school districts fell victim to ransomware attacks. The attacks in Connecticut were reported as being two separate attacks within a four-month timespan. Schools hit with ransomware have been ill-equipped to handle attacks, and the results have been to send students home. Not only have these attacks been an inconvenience, but they’ve also affected standard school schedules and threaten to destroy critical student and teacher data.
School districts are just the next organizations on which attackers have recently focused. In recent years, cybersecurity researchers have seen an increase in ransomware attacks, and many government entities are poorly trained in situations presented to employees where they fall victim to a phishing email. Employees in school districts usually have access to centralized databases that could also be poorly secured, giving ransomware software the ability to encrypt anything from database data, email, files, and data across shared directories.
Encrypted data leads to critical downtime for any organization, but it’s especially time-consuming for government entities. Police are unable to access records, teachers cannot access student records, grades can’t be recorded, payment systems don’t work, and the organization must take money using antiquated checking payments. Students are also blocked from checking grades, enrolling in classes, and communicating with teachers. With a strong ransomware attack, organizations can no longer function.
With most attacks, attackers have two motives: steal data or encrypt data to make money on a ransom. Stolen data can be used for several purposes. The first one is to sell it on darknet markets. Student social security information is valuable for identity theft, and an attacker can sell this “clean” data at a profit. Attackers can also keep the data and use it for further attacks such as phishing. If any credentials are included in the stolen data, attackers could launch attacks at other accounts for monetary gain.
The second purpose is to make money on the ransom. Several organizations have paid thousands in ransom fees using crypto as a way to hide their identity so that law enforcement cannot trace transactions to the attacker. The use of crypto with ransomware makes it nearly impossible to track, and these issues are why it’s sometimes better for targeted entities to pay out the ransom rather than find other means to recover data.
Organizations with endless budgets take time to train employees on the dangers of phishing and malware. School districts are notoriously low-funded, so attackers can rightfully assume that no budget has been allocated for cybersecurity training. Unfortunately, poor training and cybersecurity tools lead to successful cybersecurity events.
Ransomware attacks mainly start with phishing. Attackers spoof email sender addresses and spear-phish with links or attachments that target recipients with elevated privileges. Even low-privileged users can be used as targets when the main goal is to encrypt files for money. Attachments and links to attacker-controlled sites are used to trick users into downloading the malware. Attacks can be multifaceted as malicious content could download additional malware and give attackers remote control of the local machine.
Two systems reduce phishing email inboxing. The first one is using intelligent AI-based email filters. These filters use a combination of standard email security settings (called DMARC) and AI to identify malicious email messages. Messages are sent to a quarantine where administrators can review them for any malware and either delete them from the network or (in the case of a false positive) send them to the intended recipient.
The second system is DNS-based content filtering. This cybersecurity system blocks access to identified IPs that distribute malware or participate in phishing. Should an employee receive an email with a malicious link, the DNS-based content filtering system stops the recipient from accessing the attacker-controlled website.
Using both DNS-based content filtering and email cybersecurity systems, an organization can greatly reduce cyber incidents. Organizations should not be reactive and implement these systems after a successful attack. Instead, they should be proactive and implement them before ransomware and other malware cripples normal workflow.
If you're an IT Pro working in the education sector get in touch and a seasoned engineer will review your requirements and make recommendations. All of our trial customers get full FREE technical support during the trial period.
Sign-up for email updates...