Ransomware is a type of malware that cybercriminals use to extort money from their victims. Essentially, it encrypts a user’s systems and data, which prevents them from accessing their files until they pay a ransom in virtual currency to get a decryption key.
But how does ransomware spread? It generally starts with phishing emails containing malware-embedded attachments. If a user opens a malicious attachment, the malware is installed; it only takes one click for a device to get infected.
Cybercriminals also use social engineering, such as a fake password reset email, to trick users into installing malicious software. Besides phishing campaigns, attackers are also exploiting Remote Desktop Protocol and Server Message Block vulnerabilities.
Once a school district is hit by ransomware, the consequences are grave. It takes an average of 10 days for schools infected with ransomware to restore their systems, not including the time needed for full recovery and investigation.
Moving to a remote environment has exposed schools to greater risk. More students and teachers are using cloud storage applications like Google Drive and Dropbox to upload and share documents, making it easier for malware to spread.
For example, someone might put something into a shared drive, and everybody would simply trust it because they’re part of the same team or class. But then, when they open that document, it might be infected with ransomware, and it could spread throughout their system.
5 Tips for Protecting Online Classrooms from Ransomware Attacks
1. Back up your data. It’s important for schools to assume bad things will happen, even if you think they won’t happen to your school. Having backups is crucial, and your backups should be stored offsite so they don’t get infected if a ransomware attack hits your school’s environment.
2. Implement a strong identity management strategy. Schools can no longer just rely on traditional firewalls and virtual private networks. You need to start treating identity as a key element for protecting your perimeter by implementing the proper identity management of users, which includes proper lifecycle management, authorization, and authentication.
3. Consider automation. Automating systems can help your IT team save time while staying ahead in detecting and preventing cyberthreats, especially if the data can live anywhere.
4. Scan and wipe. IT teams should use software to scan for personally identifiable information. This will flag sensitive and high-risk information, such as social security numbers and health records, to ensure that data is in the most secure place. IT teams should also consider tools that can identify misconfigurations and vulnerabilities. Finally, as more school districts distribute devices to students, they’ll need remote wipe, a capability that comes with mobile device management solutions. Remote wipe can track where devices are and erase data on those devices remotely if they are stolen or lost.
5. Have the basics covered. At the very least, schools should patch against classic vulnerabilities. They should also configure their systems and devices properly to prevent an attacker or automated malware from escalating privileges and causing harm to their environment. Cybersecurity education is also crucial, especially with students and teachers using school-issued devices from home and accessing software and applications outside the school’s network. Additionally, encrypting sensitive data should be standard because it prevents unauthorized users or bad actors from accessing that information.
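The PII scan described in tip 4, sketched as an added example (not from the original article or from any vendor's product): it walks a folder, flags text files containing values that are structurally valid Social Security numbers, and reports them masked. The function names, the size limit and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# SSN-shaped token: 3-2-4 digits with one consistent separator ("-" or space),
# not embedded in a longer run of digits or hyphens.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ])(\d{2})\2(\d{4})(?![\d-])")

def is_plausible_ssn(area, group, serial):
    """Reject values the SSA never issues, to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def scan_text(text):
    """Return masked SSN candidates found in text (never the full value)."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, _sep, group, serial = m.groups()
        if is_plausible_ssn(area, group, serial):
            hits.append("***-**-" + serial)
    return hits

def scan_tree(root, max_bytes=5_000_000):
    """Walk root and map relative file path -> masked hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue  # assumed cap; oversized files need a streaming scan
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

def demo():
    """Scan a constructed shared-drive folder; every value here is fabricated."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "roster.csv"), "w") as fh:
            fh.write("name,ssn\nJane Doe,123-45-6789\nTest,000-12-3456\n")
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("Call 555-12-34567 about order 2023-10-1234\n")
        return scan_tree(root)

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

Files that are flagged can then be moved to a restricted, encrypted location; the report itself holds only the last four digits, so it does not become a second copy of the sensitive data.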
Schools face a unique challenge for setting security policies because they are typically very open environments, are cloud users, and want easy and ubiquitous access for students and faculty. Plus, most schools don’t have large IT budgets or IT teams.
So, how should you respond if your school gets hit with ransomware?
Best Practices for Responding to a Ransomware Attack
1. Find the source. School districts should not rely on the ransomware attacker to tell them what is infected. You need a way to identify systems that are infected but whose payload hasn’t been activated; those are the systems you need to find and disinfect before resuming. Consider vendors like Barracuda, which have threat hunting solutions that can identify ransomware and contain it before encryption begins.
2. Shut down everything. IT teams should shut down all their systems and disable their network so that the ransomware cannot propagate further. Once an initial infection has happened, many ransomware products are designed to automatically spread across the network.
3. Activate your disaster recovery playbook. School districts should have a well-tested disaster recovery plan that will allow them to resume operations when a ransomware attack occurs. In addition, districts should consider adopting Disaster Recovery as a Service. DRaaS is often a cheaper option because schools won’t need to buy any disaster recovery infrastructure or spend money maintaining it. DRaaS makes it easy to resume operations too; you simply press one button, and all of the servers you configured beforehand magically come alive in the cloud within 15 to 20 minutes.
4. Expand your communication channels. After a ransomware attack, school and IT leaders should regularly communicate with stakeholders about the damage and recovery process. Schools should also be proactive about providing information on good cyber hygiene, especially regarding threats such as phishing, password protection and using secure Wi-Fi.
5. Get your people ready. It’s important to make sure that the human element of cybersecurity and incident response plans is in place. Administration, faculty, IT and anyone else in a responsible position should be aware of the incident response plan and should know “who to call, when to call, how to initiate the plan and how to organize the incident.” Most importantly, lessons learned from an attack should be carefully reviewed and documented together so that past mistakes and gaps in security can be corrected.
Whether you’ve been infected with ransomware or want to be proactive and prevent an attack, Chi Corporation and our security vendors can help you architect a plan that will fit your district’s needs and budget. Contact us for more information.