When you hear about ransomware, you usually hear about an enterprise business losing access to data, but ransomware attackers will target any private or public entity with enough funds to pay the ransom. In the latest ransomware incident, cyber-criminals shut down an entire New Jersey public school district. After a successful ransomware attack, the New Jersey Tenafly Public School District was left to use pen and paper, overhead projectors, and hands-on activities without access to any computer systems.
What Ransomware Does to School Districts
It’s hard to imagine how embedded technology has become in every part of our lives, and education is no different. Educational systems are slow to migrate from traditional testing and teaching methods, but many schools have integrated computer systems into classrooms. Technology allows for fewer resources and a better learning environment for kids, especially in science and math fields.
As with most school districts, Tenafly Public Schools uses technology heavily in science and math classrooms and labs, but an employee fell victim to a phishing email and allowed ransomware to install across the network. It’s unknown which ransomware variant was responsible for the attack, but most ransomware applications will scan all network resources to find files and encrypt as much critical data as possible. The more data encrypted, the less likely it is for a targeted school to recover quickly.
Schools need computer systems for grading, testing, and delivering content, so ransomware can quickly cripple educational institutions. The Tenafly School District was forced to cancel exams, and teachers were forced to work with projectors to teach students. Grades were unavailable, and administrators could not process any data that required network resources.
As with many ransomware attacks, law enforcement is involved in the investigation. The FBI is currently investigating the Tenafly School District attack, but many such attacks come from cyber-criminals overseas, which makes indictments and arrests difficult. Investigations can take weeks, and most organizations, including school districts, need their files restored before an investigation completes.
Why Target School Districts?
Many cyber-criminals are financially motivated, and ransomware is an effective tool for extorting targeted victims into paying the ransom. Once ransomware encrypts files, it’s impossible to decrypt them without the key. Most ransomware uses AES-256 or RSA-2048 ciphers. These ciphers are cryptographically secure, and current computer resources are unable to brute-force keys within a lifetime. As computers increase in power, strong ciphers today might be weak tomorrow. However, businesses cannot currently decrypt files with any blackhat or whitehat technologies.
School districts usually do not have the readily available funds of an enterprise business, but they also lack the enterprise-level cybersecurity, which makes them a good target for ransomware attackers. Although public school districts get large sums of money from taxpayers, they do not have the money to pay a ransom as quickly as a large business, so it’s a misconception that the ransom can be easily paid.
Because public school districts run on strict budgets, they often don’t have funds to build advanced cybersecurity infrastructure. Some school systems have legacy infrastructure that no longer detects and stops current threats and sophisticated ransomware. Without good cybersecurity in place, attackers can install ransomware on a school system much more easily than on a large enterprise network with a large cybersecurity budget.
Case Study: Ölands Kommunalförbund Deployment of WebTitan DNS Filtering in K-9 Schools.
What School Systems Can Do to Stop Ransomware
Even with a limited budget, school districts can still take the necessary steps to stop ransomware. The most important and cost-effective step is installing email security on all email servers. Most ransomware starts with a phishing email. The phishing email contains a link to an attacker-controlled host where the ransomware can be downloaded, or the targeted user is convinced to open a script file that then downloads malware.
Because ransomware starts with a phishing email, the most effective way to stop it is to block malicious email messages from reaching a user’s inbox. It shouldn’t be your only defense, but it should be a primary defense. Educating employees on how to identify a phishing email is also helpful, but it leaves the organization open to human error. The best way to stop ransomware is to use cybersecurity on your email servers and combine it with educating employees on the dangers of phishing and the typical warning signs.
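As an added illustration (not code from the original article or from any TitanHQ product), the following Python example shows the kind of check a mail filter can apply to the two delivery paths described above: a script-file attachment, and a link whose visible URL differs from its real destination. The extension list, the function names and the sample message are assumptions constructed for this example.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Illustrative blocklist of script/launcher extensions (an assumption, not from the article).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd", ".lnk")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r"https?://[^\s<]+")

def triage(raw: bytes) -> list:
    """Return findings for one raw message: script attachments and deceptive links."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        # Match on the final extension so a double extension like .pdf.js is caught.
        if name.endswith(SCRIPT_EXTS):
            findings.append(f"script attachment: {name}")
        if part.get_content_type() == "text/html":
            for href, text in ANCHOR_RE.findall(part.get_content()):
                shown = URL_RE.search(text)
                if not shown:
                    continue
                shown_host = urlparse(shown.group(0)).hostname
                link_host = urlparse(href).hostname
                # The visible URL names one host while the href goes to another.
                if shown_host != link_host:
                    findings.append(f"link mismatch: shows {shown_host}, goes to {link_host}")
    return findings

def build_sample() -> bytes:
    """Constructed sample message; all hosts and names are placeholders."""
    m = EmailMessage()
    m["From"] = "helpdesk@mail.example"
    m["To"] = "teacher@district.example"
    m["Subject"] = "Gradebook password expires today"
    m.set_content("Please view this message in HTML.")
    m.add_alternative(
        '<p>Reset: <a href="http://files.unknown.example/r">'
        "https://portal.district.example/reset</a></p>", subtype="html")
    m.add_attachment(b"// placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="Schedule.pdf.js")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A message with any finding would be quarantined rather than delivered; a production filter would add reputation and sandbox checks on top of these two structural tests.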
Whether you’re an enterprise business or a school district, protecting your environment from ransomware should be a primary concern. Ransomware will cripple an organization and affect productivity for weeks. With email cybersecurity that blocks malicious messages and employee education, you greatly reduce your risk of a ransomware incident.
SpamTitan email security and WebTitan DNS filter can individually or collaboratively protect schools from ransomware threats. Talk to a TitanHQ security expert to discover how we can prevent ransomware attacks.