Kaspersky researchers predict cyberattacks against school districts are likely to continue in the 2021-22 school year.
In April, the Conti ransomware gang encrypted systems at Broward County Public School in Florida and threatened to release sensitive student, teacher, and employee data unless the district paid them $40 million.
A Las Vegas-area school district with more than 300,000 students saw private student information released after it declined to pay the ransom.
“Cyber criminals are focusing on targets that they feel will provide the most probability of getting paid. They want to maximize the payout while minimizing the effort. Schools tend to fall into this category simply because they are under-resourced with regards to security, but also highly motivated to minimize the impact of an attack simply by paying,” said Brian Bartholomew, principal security researcher at Kaspersky, to TechRepublic.
Security experts recommend ransomware victims never pay criminals to unlock data and contact law enforcement instead. “If the unfortunate event happens and a school thinks it’s compromised, the best thing to do is coordinate with them, as well as follow the recommended steps and guidelines produced by CISA,” Bartholomew said to TechRepublic.
Paying a ransom often encourages the criminals to continue their operation, and the payments do not guarantee the complete return of the stolen data either. Kaspersky researchers found that 17% of ransomware victims who paid never got their money back, and only 29% of all victims were able to restore all their encrypted or blocked files.
Cybercriminals are likely to extort victims a second time. Kaspersky research concluded 41% of schools that were attacked were targeted multiple times, while 59% were targeted only once.
About 72% of parents of school-age children reported that they would want their child’s school to pay a ransom to prevent the leak of students’ sensitive information. Other common concerns included compromise of the school’s IT system, closing the school for a week or more, and cost to taxpayers or increased tuition.
Fifty-five percent of parents surveyed said their school has been hit with a cyberattack during their child’s time there, according to the Kaspersky survey.
Jacob Olcott, vice president at BitSight Technologies, said to TechRepublic the “education sector has been the worst-performing sector” from a cybersecurity perspective and has been so “for years,” adding that the lengthy amount of time it takes education organizations to patch vulnerabilities is one of the key factors. Citing BitSight analysis, Olcott said “organizations with poor patching performance are nearly seven times more at risk of a ransomware attack.”
School IT administrators can take these steps to help prepare:
- Always keep software updated on all the devices you use to prevent ransomware from exploiting vulnerabilities.
- Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to the outgoing traffic to detect cybercriminals’ connections.
- Back up data regularly. Make sure you can quickly access it in an emergency when needed.
- Do not pay the ransom if a device has been locked. Instead, contact your local law enforcement agency and report the attack.
- Try to find out the name of the ransomware Trojan. This information can help cybersecurity experts decrypt the threat and retain access to your files.
- To protect the school network, educate teachers and staff with dedicated training courses.
- Create short, bite-sized student training courses that incorporate gamification to incentivize and reward students showing an interest in a career in cybersecurity.
Parents and students can take an active role in avoiding cyberattacks against their school district by not clicking on links in spam emails or on unfamiliar websites and by not opening email attachments from senders they do not trust.
Implementing a zero-trust security approach is another option for school administrators to consider.