
IS YOUR SCHOOL PROTECTED FROM RANSOMWARE?

By Ernie Delgado
November 15, 2019

THIS QUICK GUIDE WILL HELP YOU PREVENT THE WORST DAY OF YOUR LIFE

It's an early Tuesday morning and you are just getting the week started after a long 3-day weekend.  But today is different.  You've been hacked, and now your entire computer system and data sources are locked down.  The only thing you see on your screen is a digital ransom note, most likely originating from an Eastern European hacker den.

The instructions ask for $95,000 to be sent in Bitcoin using a secure browser.  All of your student data, financial records and digital files are gone unless this is paid.  They might come down a bit on their ask, but regardless, this is not in the budget.

If only you had prepared for this!

The reality is that schools are now one of the main targets for ransomware and the trend is only increasing.

Is your school protected from ransomware?  This quick guide will help you prepare for the worst day of your life!

 

WHAT IS RANSOMWARE?

According to Trendmicro:

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decrypt key.

In a nutshell, if you want your computer to work, you're going to have to pay.  This is very avoidable today.

 

HOW DOES RANSOMWARE WORK?

According to Forcepoint:

1 - The System Is Compromised

The majority of ransomware attacks start as a social engineering exercise, usually in the form of an attachment or malicious link. The aim is to entice the user to click on these objects in order to activate the malware.

 

2 - The Malware Takes Control

Once the malware has taken control of the system, certain file types will be encrypted and access will be denied to users.

 

3 - The Victim Is Notified

For the ransom to be paid, the user must be aware of the demands of the criminals. At this point, they will usually receive notification on the screen explaining the demands and how they can regain access.

 

4 - The Ransom Is Paid

Once they have system access, attackers will either identify and encrypt certain file types or deny access to the entire system.

 

5 - Full Access Is Returned

In the majority of cases, attackers return full control to the victim. It is in their interest to do this; failure to do so would mean few organizations would be willing to pay if they didn't believe their data would be restored.

HOW CAN YOU KEEP YOUR SCHOOL SAFE?

According to CSO ONLINE:

  • Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
  • Don't install software or give it administrative privileges unless you know exactly what it is and what it does.
  • Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
  • And, of course, back up your files, frequently and automatically! That won't stop a malware attack, but it can make the damage caused by one much less significant.

SOME GOOD NEWS IF YOU ARE IN CALIFORNIA, FOR NOW!

The good news, so far, is that California schools have not experienced too many attacks yet.  Connecticut has that misfortune with 7 school districts getting hit by ransomware and Louisiana actually declared a State of Emergency after 3 districts were infected.

A total of 54 education victims, potentially impacting over 500 individual K-12 schools, have been reported in the US since January 2019, according to a report by Armor.

However, ZD Net reported on another report, from antivirus maker Emsisoft, that claims to have identified 62 ransomware incidents that impacted US schools in 2019.

 

THE THREAT IS SO GREAT THAT THE GOVERNMENT WANTS TO HELP

A new bill, the "DHS Cyber Hunt and Incident Response Teams Act" (S.315), would create a response team to help both private and public organizations that run into ransomware attacks and provide assistance and other resources to cope with the growing problem.  The legislation is still waiting to be signed by President Trump.

"The Senate passing the DHS Cyber Hunt and Incident Response Teams Act is an important step in protecting Upstate New York school districts from the swaths of ransomware attacks that take hostage the personal information and vital data of our students, school employees and local governments," stated Senator Chuck Schumer in a press release published today.

"It’s critical that we use all available resources to protect New York students from cyber crooks, and enhance and increase our resiliency to these attacks," Schumer added.

According to Infosecurity Magazine:

"Crowder College, which reported an attack on September 11, claimed the ransom was a massive $1.6m, the first $1m+ demand since Monroe College in New York was hit with a $2m ransom note in July."

WHY ARE SCHOOLS BEING TARGETED?

“Cyber-criminals know these organizations can’t afford to shut down, they are often using out-of-date hardware and software, and they have few security measures in place. This is a deadly combination in the case of a ransomware attack, which provides for a high sense of urgency and a high probability of large payments,” said Chris Hinkley, head of threat resistance at Armor.

According to govtech.com, the recent wave is part of a larger uptick in ransomware attacks on governments across the nation. A CNN report published in May showed a record high number of attacks on state and local governments — with some 170 attacks since 2013, 22 of which occurred this year alone. 

 

THE PROBLEM WON'T GO AWAY, HOWEVER THERE IS A SOLUTION

To get the most current and accurate steps to prevent this from happening to you, I discussed the problem with my two top IT Support Technicians.  One of our techs has experience working with the US Government and military IT infrastructure, and the other is our Director of IT, who has set up and manages IT for banks, real estate offices, startups and a variety of professional environments.  Below is a list of their recommendations and one from me.

"It is critically important to train your staff and all users of your network to never click on anything in an email they feel is not safe.  This is easier said than done because the hackers are getting very sophisticated in how they trick you.  If you're not sure, do not open or click.  What I do is call the person directly and ask them if they sent it and if it is safe.  95% of the time they are already aware of the problem and you are one of many people calling them.  That person needs to get their system secured also and you should refer them to this post!"

Ernie D.

"To prevent this problem, you need a multi-layered security approach.  It is not a one-size-fits-all situation.  You need protection from different levels of your network."

Jason T.

 

"My number one recommendation is weekly sweeps of the entire chain of devices to keep computers and all connected devices up to date and scanned."

William P.

 

"It is highly encouraged to set up a server that will manage all user privileges, including guest accounts, to prevent users from infecting themselves and the entire network."

Jason T.

 

"One of the simplest steps is to make it a policy of all users of the network to have computer and network level virus scanners.  Including all wireless devices."

William P.

 

"Another important policy to prevent ransomware at your school is to set up a "3-2-1" backup system.  This will allow you to restore your data and associated computer systems in the event you get encrypted and tasked with a ransomware request.  In this case, you just need to reinstall the data from backup."

Jason T.

 

"Something most IT support companies won't tell you, definitely not a ransomware entity, is that there is no guarantee that after you pay the ransom, you get everything back.  Oftentimes in these ransomware cases, you only get back a huge stack of data files with no file names associated, and all the subfolders are destroyed.  This creates another problem of recreating the file structure and getting the files renamed and put where they belong.  This is almost an impossible task."

Jason T.

HERE ARE THE STEPS WE RECOMMEND TO PROTECT YOUR SCHOOL FROM A RANSOMWARE ATTACK

  • Train your staff to never open or click on anything in their email that they are not certain is authentic.
  • Also train your staff to never visit websites that are not safe.
  • Find an honest and reliable IT advisor that can give you a fair opinion on the status of your existing security measures.
  • Have that IT advisor check your server level and device level protocols.
  • Be sure to get an assessment of your firewall to make sure it offers the level of security you need.
  • Set up a "3-2-1" backup policy.
  • Be sure to get weekly sweeps of your network.

 

CONCLUSION

Although there is no guarantee with this ever-evolving problem, you will sleep better at night and be able to offer assurance to your staff, families and students, knowing that you have done everything humanly possible to prevent a really bad day from happening.  And if that day does come, you will be prepared and can take credit for being a hero!

 


 
