Ransomware Risks and Impacts for School Districts


Ransomware is a form of malicious software designed to encrypt important files on a computer, rendering them unavailable to the people to whom they are important and/or rendering the systems that rely on them unusable. Hackers then demand ransom in exchange for decryption, typically via anonymous Bitcoin or other cryptocurrency payments. These ransom demands can run into – or beyond – hundreds of thousands of dollars. Stopping the attacks is difficult, and the growing popularity of cryptocurrencies such as Bitcoin is further emboldening cybercriminals by making it easier for them to evade law enforcement and financial regulators.


Since 2016, 122 such cyberattacks have been recorded across California public safety, government, medical, and education sectors by Seculore Solutions, a Maryland-based software company. At least 26 of those cyberattacks have targeted California school districts, colleges, and universities including at least one University of California (UC), Sierra College, College of the Desert, Visalia Unified School District, and Newhall School District. Sierra College had some systems shut down during finals week, and UC San Francisco paid a $1.14 million ransom. Accurate numbers are hard to verify because many schools don’t report attacks. With a new federal law requiring disclosure when a ransom is paid, we expect to see a large increase in reported ransomware attacks.

Why School Districts should be concerned

School Districts are prime targets for cybercriminals due to a variety of factors, including:

  • Reliance on homegrown IT staff who may not be familiar with best practices for IT security.
  • A history of bypassing established IT security procedures, policies, and tools in favor of solutions offering greater ease of use or lower cost.
  • A constituency that spends a high proportion of its time on such high-risk platforms as file sharing, streaming, and social media sites where malicious files are often lurking.
  • The shift to remote work arrangements that allow non-business activities and their associated risks to impact district systems and files.

Together, these factors increase organizational risks, which in turn increase the risk of a ransomware attack.

Risks that reach far beyond the IT department

The impacts of a ransomware attack are often devastating to an organization, including:

  • Educational service disruption if unpaid ransom leads to weeks or months of IT system outage.
  • Institutional reputation damage if student, employee, or partner private data is exposed.
  • Legal liability if confidential information is exposed.
  • Financial upheaval if ransom is paid.
  • Staff burnout due to increased IT workload and increased oversight.

Ransom: to pay or not to pay?

Bluntly stated, organizations are in a no-win situation when faced with a ransomware attack. If an organization decides to pay the ransom, there is no guarantee it will get its data back or that criminals will not use the information they gathered for future attacks. Further complicating matters, the Federal Bureau of Investigation (FBI) advises against paying the ransom, and payment may be illegal if it is determined the offender is a “terrorist organization.”

Hope is not a strategy: defensive tactics to implement now

In our role as a trusted IT advisor, Shandam Consulting has worked with several organizations that fell victim to cyberattacks. Without exception, the impacts were devastating. In fact, we call them “résumé-generating events” because the people involved often leave their positions after an attack, either due to the enormity of work that must be undertaken or because management loses confidence in their abilities. Failing to take the necessary steps to secure your organization can have disastrous, far-reaching, and expensive consequences. With this in mind, Shandam Consulting recommends your organization take the following steps at the earliest possible opportunity to help prevent a ransomware attack:

Data Backup

Deploy a robust, offsite, immutable, and redundant backup system that will facilitate data recovery in the event your organization is attacked.

Email attachment filtering

Seal off the most common entry point for ransomware by blocking high-risk email attachments or content from entering or leaving your organization.

Internet filtering

Block access to high-risk websites such as file sharing, adult, gaming, and other sites that are often used as ransomware vectors. Most next-generation firewalls have this capability.

Embrace robust IT security policies

Establish clear standards for acceptable use, remote access, and other risk factors. Sample templates are freely available on the Web to use as a starting point.

Implement endpoint protection

Protect each district device from viruses and malware.

Deploy intelligent firewalls

Identify and block risky behaviors and activities.

Mandate user security training

Use subscription services to provide Computer-Based Training (CBT) and track compliance on IT security basics.

Consider an independent IT security assessment

Conduct an external evaluation of your organization’s IT security risks that includes recommended mitigation strategies.

About Shandam Consulting

Established in 2001, Shandam Consulting is a technology consulting firm that does not sell anything apart from our expertise. In this role Shandam has advised government agencies, utilities, community colleges, and school districts on how to stabilize, optimize, and maximize their investments in Information Technology.