Ransomware Risks and Impacts for School Districts

Ransomware is a form of malicious software designed to encrypt important files on a computer, rendering them unavailable to the people to whom they are important and/or rendering the systems that rely on them unusable. Hackers then demand ransom in exchange for decryption, typically via anonymous Bitcoin or other cryptocurrency payments. These ransom demands can run into – or beyond – hundreds of thousands of dollars. Stopping the attacks is difficult, and the growing popularity of cryptocurrencies such as Bitcoin is further emboldening cybercriminals by making it easier for them to evade law enforcement and financial regulators.

Since 2016, 122 such cyberattacks have been recorded across California public safety, government, medical, and education sectors by Seculore Solutions, a Maryland-based software company. At least 26 of those cyberattacks have targeted California school districts, colleges, and universities including at least one University of California (UC), Sierra College, College of the Desert, Visalia Unified School District, and Newhall School District. Sierra College had some systems shut down during finals week, and UC San Francisco paid a $1.14 million ransom. Accurate numbers are hard to verify because many schools don’t report attacks. With a new federal law requiring disclosure when a ransom is paid, we expect to see a large increase in reported ransomware attacks.

Why School Districts should be concerned

School Districts are prime targets for cybercriminals due to a variety of factors, including:

• Reliance on homegrown IT staff who may not be familiar with Best Practices for IT security.
• A history of bypassing established IT security procedures, policies, and tools in favor of solutions offering greater ease of use or lower cost.
• A constituency that spends a high proportion of its time on such high-risk platforms as file sharing, streaming, and social media sites where malicious files are often lurking.
• The shift to remote work arrangements that allow non-business activities and their associated risks to impact district systems and files.

Together, these factors increase organizational risks, which in turn increase the risk of a ransomware attack.

Risks that reach far beyond the IT department

The impacts of a ransomware attack are often devastating to an organization, including:

• Educational service disruption if unpaid ransom leads to weeks or months of IT system outage.
• Institutional reputation damage if student, employee, or partner private data is exposed.
• Legal liability if confidential information is exposed.
• Financial upheaval if ransom is paid.
• Staff burnout due to increased IT workload and increased oversight.

Ransom: to pay or not to pay?

Bluntly stated, organizations are in a no-win situation when faced with a ransomware attack. If an organization decides to pay the ransom, there is no guarantee they will get their data back or that criminals will not use the information they gathered for future attacks. Further complicating matters, paying the ransom may be illegal if it is determined the offender is a “terrorist organization,” and the Federal Bureau of Investigation (FBI) advises against doing so.

Hope is not a strategy: defensive tactics to implement now

In our role as a trusted IT advisor, Shandam Consulting has worked with several organizations that fell victim to cyberattack. Without exception, the impacts were devastating. In fact, we call them “resumé generating events” because the people involved often leave their positions after an attack, either due to the enormity of work that must be undertaken or because management loses confidence in their abilities. Failing to take the necessary steps to secure your organization can have disastrous, far-reaching, and expensive consequences. With this in mind, Shandam Consulting recommends your organization take the following steps at the earliest possible opportunity to help prevent a ransomware attack: