Ransomware Authors Target Education and Government Organizations

Posted by Trevagh Stankard on Tue, Feb 15th, 2022

This year saw an increase in ransomware and phishing, but the main targets were education and government organizations. The pandemic and lockdowns offered numerous opportunities for attackers, and many businesses in these two industries suffered several data breaches in 2021. Reports of these attacks show that they continue to be a main threat for bad actors to steal data and blackmail businesses out of millions of dollars.

Florida DEO Loses 58000 Accounts to Attackers

Florida's Department of Economic Opportunity (DEO) suffered from one of the biggest government data breaches in 2021. The DEO lost 58000 records to attackers between April and July 2021, which shows how long it can take before organizations know that they’ve been breached. Verizon reported that it can take up to an average of six months before organizations detect a threat and contain it, which gives attackers plenty of time to exfiltrate data.

The CONNECT site breached is a major unemployment portal for Florida residents, and attackers were able to steal highly sensitive personal data. It’s reported that attackers stole Social Security numbers, driver’s license numbers, bank account numbers, claim information and other personal details, such as addresses, phone numbers and dates of birth. The extent of the damage is still unknown, but it’s evident that the start of the breach started from an email.

Florida’s DEO offered identify theft protection for residents affected by the breach, but it does not cover the costs necessary to eradicate the threat, find the vulnerability, perform investigations into the extent of the breach, and deal with any legal issues in the aftermath. Although the DEO suffered business expenses from the data breach, the residents who lost data will likely have long-term issues from the private data stolen.

For many of these breaches, attackers do not use the data to leverage financial theft for their own benefit. In fact, most attackers take the data and sell it off to others. The data could be sold to identity thieves, or it could be sold to other hackers who use it to steal financial accounts. Most organizations monitor darknet markets to find their personal data and any user data lost to data breaches.

Universities as Primary Targets

Education businesses were also a primary target, mainly universities. College students must provide several data points that expose their social security numbers, financial information, and contact data. Universities also are notorious for having poor cybersecurity, so they become a good target for attackers looking to exfiltrate sensitive data as quickly as possible.

Ransomware is a primary target for these institutions. An attacker using sophisticated phishing campaigns can install ransomware on the university system, and many of these educational institutions do not have good backup strategies. Storage space and backup automation are expensive, so they often eat too much from university budgets.

After an attacker installs ransomware, the next step is extorting money from the victim. Attackers assume educational institutions have millions to spend on extortion, and universities and other organizations are stuck sending ransomware payments in exchange for their data. In many ransomware cases, educational institutions have no choice but to pay the ransom. Sometimes, the attacker never delivers the private key to decrypt data. Cybersecurity experts discourage victims to pay the ransom to stop encouraging malware authors, but many targeted victims have no choice but to pay it.

Read Case Education Case Study

What You Can Do to Stop Phishing and Malware

Ransomware and many other malware attacks start with an email message. The best way to stop any attack is to use email filters. Email filters stop malicious messages, malicious links, spoofed messages, malware attachments, phishing, and many other attacks from reaching the recipient’s inbox. For organizations, it’s the number one defense against several of the prominent attacks in the wild.

The right email cybersecurity solution uses artificial intelligence to identify threats, so it catches zero-day attacks. Attackers always change their strategies to overcome the latest cybersecurity protections, so the right email filters must evolve to detect the newest threats. Administrators must be able to configure the solution so that your cybersecurity can catch even the most sophisticated attacks.

The advantage of a good email filtering solution is that the organization no longer relies on human intervention for phishing and malware. The technology takes care of it instead, which greatly reduces risk of a compromise from email messages. Without the right email cybersecurity, your organization leaves a huge window of opportunity for attackers to bypass all other protection and install malware on your network.