In the past three weeks, at least 15 school systems have been the target of ransomware attacks, according to a report from the security experts at Armor.
So far in 2019, 500 school systems have been targeted by ransomware. Ransomware is a form of malware that locks files on a computer and threatens to delete them unless a ransom is paid. The most recent victims are the Mobile County School System in Alabama, Houston County Board of Education in Georgia, Guthrie Public Schools in Oklahoma, Smith County Public Schools in Virginia, and Northshore School District in Washington state.
Additionally, Crowder College in Missouri was hit by a $1.6 million ransomware demand. The college discovered that the crooks had actually been in their system for nearly a year prior to the ransom demand being issued.
Ransomware usually gets into the system via a phishing attack where an employee receives an email that purports to have an important attachment that the unsuspecting recipient clicks on or link that an employee must follow. Once they click, the malware is loaded onto the system and spreads. Ransomware will lock down the entire system, sometimes even destroying important files if the ransom is not paid.
Because school systems need access to their files, many times they will pay up. According to Armor, there have been several recent attacks where the schools paid up, including the Rockville Center School District, which paid out $88,000.
The start of school at Monroe-Woodbury School District in New was delayed by a ransomware attack since the district couldn’t access computers or the smart boards in classrooms.
While a district with properly backed-up systems won’t be forced to pay the demands, it does take some time to restore and reset devices.
The best way for districts to protect themselves is to make sure both faculty and students learn proper security behavior, such as not clicking on links that arrive via email.
Systems can also be set up so that only administrators can install programs and that only applications from certain trusted sources can be installed. Keeping security updates current is a must. In case the worst does happen, full offsite backups that are done frequently can help minimize the damage.