Ransomware Attack Takes Thousands of US School Websites Offline
Posted by Trevagh Stankard on Tue, Jan 25th, 2022
The start of 2022 has already brought ransomware attacks that crippled thousands of US schools. School systems are a major target for attackers because they often have public funding to pay a ransom and many schools lack the sophisticated cybersecurity infrastructure to fight off malware authors. However, many attacks target vendors and other third-party providers that host a target’s services. In this case, a provider named Finalsite was struck with ransomware, and its downtime affected any school system that used its tools.
Targeting Third-Party Vendors to Extort Money from Victims
Finalsite is a cloud service that allows schools to communicate with parents. During the pandemic and in a time when remote learning is critical, it was quickly adopted as a way for schools to stay in contact with parents. It had notification tools, messaging systems and storage for student and parent information.
The Finalsite attack is an example of the many ways attackers can get to their goals. A vendor can also be a vulnerability used to exploit a system. In this case, the goal was to take down services with ransomware and force targeted victims to pay a ransom to get critical files back. Finalsite supported critical school systems, so ransomware authors bank on urgency and a vendor’s rush to get files back and systems back to normal.
Another example of this type of attack working well is the infamous 2013 Target data breach. Target’s systems were compliant and secure, but a vendor employee fell for a phishing attack and disclosed network credentials. This phishing attack led to one of the biggest data breaches in the last decade and affected millions of consumers.
The ransomware attack affected 2200 school districts, which put more pressure on Finalsite to rush their recovery strategy. US school districts continue to be a primary target for ransomware attackers, and these attacks have cost school districts billions of dollars in damages. Many of these issues stem from a lack of cybersecurity infrastructure. It’s one example of how a lack of cybersecurity resources can cost more than the amount saved by cutting costs on those resources.
Ransomware and Cloud Systems
Most people think of ransomware destroying files locally, but it can also cause havoc with third-party cloud providers. These third-party providers have their own staff and systems that help manage customer resources. Should a staff member fall for a social engineering or phishing attack, this puts the cloud provider at risk.
An added risk for these providers is that they host critical services for thousands of customers. This leads to added pressure on third-party providers to ensure that their cybersecurity is effective, including employee training and education on the importance of recognizing social engineering and phishing.
Education and employee training aren’t enough, however, as even administrators and those familiar with cybersecurity still fall prey to sophisticated attacks. Organizations need tools that will detect these attacks and stop the ransomware from ever reaching the intended victim’s inbox.
Ransomware is also especially dangerous because it only takes one employee and one mistake for the targeted victim to launch the malware across the environment. Threat authors build malware and ransomware to span an environment quickly and encrypt as many files as possible to increase the probability of extorting money from their victims.
Email Security is Critical
At the heart of a ransomware attack is the email system. Most of these attacks start with an email message. It could be addressed to several people within an organization, or it could be targeted at specific staff members with high-level privileges to many network resources. Email cybersecurity stops many of these attacks and reduces the risk of falling victim to a ransomware attack.
Several attacks in the last decade have been from just one employee falling victim to one of these emails and installing ransomware on the network. Good email security will stop these email messages from reaching the recipient, but the right tools must be effective in detecting a myriad of email-based attacks. Ransomware isn’t the only malware that can cripple a business. For example, malicious messages and social engineering can be used to steal user credentials or trick a targeted employee into sending millions of dollars to an attacker-controlled offshore bank account.
It’s critical for organizations to see the importance of ransomware protection before they become victims. An effective cybersecurity system will scan email for malicious and suspicious messages, including potential attachments that could launch a ransomware payload. With email security, administrators can stop attacks and review any potential targets to ensure that employees are aware of ongoing threats. Learn more about SpamTitan Email Security, suitable for Schools, Businesses and MSPs.
Harrison City Public School deployed SpamTitan to over 5000 mailboxes. Discover how SpamTitan solved the school's problem of blocking spam & malicious messages.