Last week, a new ransomware virus was released and had effects worldwide. Ransomware viruses either lock your computer(s) or encrypt your files, essentially holding your computer or files for ransom until you pay a fee to the virus writer. This type of virus can also replicate itself and spread across computers in your network. In the case of this new virus, called WannaCry, infected computers had their files encrypted, making them inaccessible, and the only way to recover them was to pay the ransom to receive the decryption key or restore your computer from a backup. Major international corporations were affected by the virus, including FedEx. This virus was particularly troublesome because several hospitals in England were victims and had their files made inaccessible. Staff could not treat patients without paying the ransom, and had to turn patients away.
This kind of virus is not particularly new. In the past year, some school districts in the United States were targets of a ransomware attack and were forced to pay the ransom in order to access their computers, servers, and networks. Several articles within the past year have been written about school districts being targets of such attacks, including an article in EdWeek titled “Ransomware Attacks Force School Districts to Shore Up—or Pay Up”. The article makes the point that ransomware does not discriminate and anyone could be a target. However, an infection could be very expensive and take up a large portion of a district or school’s technology budget. If a school or district does become infected, it has a choice: pay the ransom, or “rebuild the district’s data systems from backups or, in a worst-case scenario, from scratch.” For any organization, small or large, this is an extremely harrowing situation. Law enforcement agencies generally discourage organizations from paying ransoms. However, one can weigh the ethics of paying the ransom and emboldening the attackers versus rebuilding your systems from backups. Restoring the large number of files and systems could take up to two weeks, and in the case of a school or district, that means you cannot support your staff and your students. Yet with a good backup system in place, as was the case in the Swedesboro-Woolwich school district, a ransom was not paid, and the district was able to restore its files from backups.
Regardless of whether or not an organization decides to pay the ransom, any ransomware attack should be reported to the local FBI office or through the FBI's website. There have been cases where an organization was attacked and reported the attack to the FBI. In one known case, the FBI was already in possession of a “key” or antidote to the ransomware attack. These organizations were able to easily recover their files.
Lastly, the author of the article writes that Stephen Boyer, a co-founder of BitSight Technologies and cybersecurity expert, says “…districts should be focusing on preventative measures.” Mr. Boyer’s firm compiled a report “that found that educational institutions and companies had the highest rate of ransomware infection.” Mr. Boyer also goes on to say that IT directors of schools have a harder time keeping their systems secure because of the bring-your-own-device policies in place in schools. As supervisory special agent Will Bales in the FBI cyber division says to the author, “faculty, students, every single person who is connected to a school network is a potential liability.” Allowing students, staff, and visitors to bring their own devices does open your network to attack. But, according to the author, it is relatively straightforward to reduce your school or district’s chance of being a victim of a ransomware attack. Please read the Ways to Protect Against Ransomware below.
The best defense in the event of a ransomware attack is to have strong backups in place and to have an outside company clear out your network. Bringing in an outside security firm will help plug the hole(s) in your system to make sure the attackers do not come back through the same vulnerability in your network. A Los Angeles college paid $28,000 due to a ransomware infection. After consulting with security experts, the college paid the ransom because they did not adequately back up their systems. If you have a thorough backup plan in place with multiple locations for backup files, your chances of recovering your network and systems are very high. If your local backup is compromised by an attack, it’s likely your off-site backups are not infected and you can use those backups to bring your network and systems back online.
Ways to Protect Against Ransomware
Schools and school districts can take a number of steps to avoid ransomware attacks on their computer systems, including:
- Back up everything, and make sure safeguards are in place so malware cannot easily jump to infect backup systems.
- Make sure network users scrutinize incoming email and report rather than open strange attachments from unsolicited addresses.
- Download software only from secure and trusted sources. Never pirate software from illegal or questionable peer-to-peer websites.
- Have strong access controls. Student accounts shouldn’t have administrative privileges. Internal restrictions on access can prevent a bug from spreading.
- Make sure system updates, including for anti-virus software, are installed regularly.
- Change passwords regularly, and train staff members in best cyber practices.
- Test your own defenses. Hire a vendor to try to hack the system to find vulnerabilities and address them.
- Have an incident-response plan ready in case something goes wrong.
Sources: FBI and BitSight Technologies
Local FBI Offices
Newark – (973) 792-3000
11 Centre Place
Newark, NJ 07102
Philadelphia – (215) 418-4000
William J. Green, Jr. Building
600 Arch Street, 8th Floor
Philadelphia, PA 19106