Schools are a major target for malicious cybersecurity events and ransomware attacks. One reason is they sometimes need more resources or preparation to handle cybercriminal activity. Ransomware events negatively impact a school’s finances, parents, faculty and students.
The United States Government Accountability Office recently reported school districts impacted by a cyberattack experienced learning losses ranging from three days to three weeks. Complete recovery took as long as nine months and the financial harm ranged from $50,000 per school district to $1 million. Costs included ramped-up security software, new equipment and a more considerable investment in IT services.
Ransomware is similar to any malicious virus in that it changes your computer and can wreak havoc within your systems. The attack works with asymmetric encryption and locks the victim out of their computer or network. The hacker threatens to release personal information or sell and delete data if the school doesn’t pay a fee by a deadline.
Schools are a business and cybersecurity issues can plague any company. CNN recently reported a college in Illinois had to close after a drop in admissions due to the pandemic combined with a ransomware attack. A K-12 public school system in Albuquerque, New Mexico also had to shut down the same month because a system hack changed adult emergency contacts and authorized pickup people.
In November 2022, USA Today reported an attack shutting down schools in two Michigan counties for several days while IT scrambled to restore systems. The attacks impacted networks and all devices connected to them. School officials warned people not to use any devices connected to the system, including those at home.
Ransomware demands varied from $100,000 to $40 million, with schools smartly refusing to pay most orders. Some attacks may have gone unreported from private institutions. Researchers explained out of 18 cases reported, only two paid their attackers.
Even more frightening was the attack on the Los Angeles Unified School District linked to the Vice Society, which releases data on the dark web. Protecting students and keeping their personal information safe is vital for most educational institutions.
Many schools think a ransomware attack isn’t likely to happen to them. Budgets are tight and the IT department is overworked. They put off securing their systems for as long as they can — until the unthinkable happens. Fortunately, there are some steps you can take today to protect your school from a cyber event:
- Check your system for flaws: You can invest in a third-party contractor to attempt hacks on your system and find any weak points.
- Create response plans: The faster you respond to an attack, the less damage the malware can do to your system. Have an emergency response plan in place so if something does infect your system, you can shut it down and restore it from a backup.
- Train your workers: Ensure all those with access to the system understand what a phishing attempt is, to not click on links and how to make sure a website is secure. Both staff and students need training in best practices.
- Go to the cloud: A cloud-based provider often has the latest and best security systems. They may even have IT staff on call 24/7 to detect and stop cyberattacks.
- Change passwords frequently: Password changes can be fairly annoying, but forcing users to change theirs often and making them complex avoids people releasing them on the dark web and others trying them out on the site.
- Lock former employees out: Malicious attacks by former employees happen from time to time. Make it a policy to lock past staff out the day they leave, even if on good terms.
- Use firewalls: Utilizing a web application firewall (WAP) protects your system by monitoring HTTP traffic and serves as a first defense against cyberattacks. A WAP protects your system from vulnerabilities on other websites being visited.
- Keep devices updated: The older your systems and software are, the more time hackers have to figure out the weaknesses. Although it is an expense, it’s best to update your hardware and software frequently.
Ask for feedback from a security company and get a full audit to see what else you can change to ensure you aren’t leaving sensitive information vulnerable.
While school district ransomware attacks are clearly an issue, why do hackers choose to target schools over plenty of other potential victims? For one thing, school districts often have the funds to pay out the ransom, whereas an individual or smaller business would not. Even though the money is from taxpayers, the school district can use it as they see fit with some oversight.
Schools also underhire for their IT and internet security needs. Lack of future planning means systems aren’t updated and hackers can more easily access the system.
Students, faculty and parents often access the network from different points. Each machine hooking into the system creates an added vulnerability — it only takes one infected machine to bring the entire network down. Schools can offer training to employees and students, but parents may not always utilize the best security practices, even if reminded frequently.
Should the worst happen and your school falls subject to a ransomware attack, keep in mind that you should never pay the hackers. Paying them encourages additional and similar behavior toward other schools. First, try decrypting the infected files on your own.
Hiring a security expert to secure your systems and prevent further damage would be best. Someone well versed in network security can go in and find the ransomware encryption and remove it, even if line by line, cleaning your system and protecting it from further attacks.
While they might not seem like an obvious target, the rate of ransomware attacks on schools is rising. Taking steps to protect your organization before hackers become a threat helps reduce the chance that a cybersecurity incident will be devastating.