Schools witnessed an 18% increase in ransomware attacks during 2020 as compared to 2019. In January of 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) launched a campaign to raise awareness regarding ransomware’s effect on the education sector.
The National Cyber Security Centre (NCSC) in the UK has recently updated an alert concerning ransomware attacks on UK educational groups. “In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing,” stated the alert.
Compromised student records can sell for anywhere between $250 and $350 on the black market. According to one report, the education sector held the lowest rank in a cyber security evaluation of 17 major industries.
Recent ransomware exploit attempts, schools
In its latest briefing, the NCSC reports that the education sector has become a target for ransomware attempts via vulnerable VPNs and remote desktop protocol (RDP) endpoints. Unpatched bugs and/or weak passwords, including a lack of multi-factor authentication (MFA), also represent easy entry points for criminals. Phishing emails and third-party suppliers’ technologies pose additional threats.
The NCSC’s updated report advocates for the education sector to pursue a defense-in-depth approach to cyber security. Recovery plans are also a must. Organizations need to be able to restore systems without feeling pressured to pay extortion fees.
How can educational institutions really avoid ransomware?
- Data backups. Ensure that your school district or university retains cloud-based data backups and/or backups that are disconnected from your network. This will enable easier system restoration in the event of an attack.
- If your school district or university relies on vendor-provided digital apps, ensure that vendors comply with cyber security best practices. Cyber criminals are not afraid to disrupt a vendor’s ecosystem in order to access your network.
- Secure your remote desktop protocol (RDP). Clientless secure corporate access programs can help.
- Prevent various exploit types by using endpoint anti-malware and anti-phishing technologies. Ensure that your set-up also prevents credential reuse and detects compromised passwords.
- Contain and remediate attacks. Organizations can contain attacks and limit damage by blocking command and control traffic. Organizations can also prevent hackers’ lateral movement by isolating affected devices. Remediation can then commence in a sterilized environment.
- More than a third of K-12 school districts report that they maintain three or fewer IT specialist positions. Hiring more IT specialists can feel burdensome in the short term, but may prevent significant cyber security issues in the long term.
Further, educational groups should remain aware of the fact that ransomware attacks seem to occur more regularly just ahead of holidays and weekends—especially ahead of three-day weekends, according to Check Point.
“Hackers are eyeing students returning to virtual classes as easy targets. These attacks can include malicious phishing emails, ‘Zoombombs,’ and even ransomware. I strongly urge students, parents, and institutions to be extra careful these next few months, as I believe the attack numbers and methods will only get worse,” said Omer Dembinsky, manager of data intelligence at Check Point, in September of 2020.
Digital classrooms and digital learning may come with more risks than traditional classroom learning. For more information on how to avoid ransomware within the education sector, watch this webinar. For more on this story, visit The Washington Post.