Online fraudsters targeting UK schools use a combination of cold calling and email bombardment to take control of a school’s data.
Initially, the cyber criminals cold call schools claiming to be from the Department of Education, and once they have the necessary email addresses (those of the headmaster or headmistress), documents are sent that include file-freezing malware.
This news was followed by a police warning that urged educational establishments to remain vigilant, and not pay the ransom.
After news of this broke last week in the UK, this week a Los Angeles school has made a US $28,000 ransomware payment after hackers raided its network.
Attackers had encrypted enough to ruin computer services, email, and messaging at the Los Angeles Community College District.
Jonathan Sander, VP of product strategy at Lieberman Software commented that “the key phrase in the LA schools ransomware story is that they had no other choice but to pay since they lacked a backup.”
“Ransomware is not an act of God. In most cases it can be prevented by being careful with email and phishing attacks or remediated by having good backups. You have to pay ransomware attackers when you have no way to get back the data they lock up. If you had a backup of that data that was not hit by the ransomware, then you restore that and go on with life.”
He does note, however, that this backup requirement is expensive and not always attainable.
What can schools do?
Sophos, a UK cyber security provider, believes that it is imperative that schools are aware, prepared and educated about these threats.
In light of the news that broke last week in the UK and this week in the US, Steve Morgan, security advisor at Sophos, presents 5 steps on how education organisations can tackle this external threat.
1) Have an integrated security plan that does not stifle productivity
To fully understand their cyber threat and risk exposure, schools should undertake a rigorous security review to identify risks, understand vulnerabilities and assess the impact of a cyber attack.
Only then can they create an integrated cyber security plan that incorporates technical, human and physical defences to deliver effective protection without stifling productivity.
2) Follow best practice
Many security breaches can be prevented by ensuring existing cyber defences are deployed at full strength.
Too often schools invest in cyber security solutions but people fail to deploy them to their full advantage.
This significantly reduces their effectiveness and increases the likelihood of a successful but preventable breach.
To ensure you are getting the maximum level of protection from your existing security solutions, we encourage all schools to follow the best practice guidance offered by their trusted security partners and vendors.
3) Have a tried and tested incident response plan
Work on the assumption that an attack will happen and ensure you have a tried and tested incident response plan that can be implemented immediately to reduce the impact of the attack.
4) Identify and safeguard your sensitive data
It’s almost impossible to protect all your data all of the time, so identify the information you keep which would cause harm if it were stolen or unlawfully accessed and implement suitable data security procedures to ensure it is appropriately protected.
5) Education, Education, Education
Too many cyber breaches, especially ransomware attacks, are caused by the inadvertent actions of users.
It is therefore vitally important that users are educated about the cyber risks they face and the safeguards in place to protect them.
Users should also understand their individual cyber security responsibilities, be aware of the consequences of negligent or malicious actions and work with other stakeholders to identify ways to work in a safe and secure manner.