
Cyber Criminals Hold Schools Hostage with Ransomware, FBI Warns

 

Ransomware: an emerging form of malware that locks the user out of their files or their device, then demands an anonymous online payment to restore access, according to malwarebytes.com.

 

This devious type of cyber attack is delivered through spam (unsolicited email), and the FBI is now cautioning K-12 school districts to be prepared for an uptick in ransomware attacks.

 

At UAT, we recently received an FBI alert that hackers are currently targeting K-12 schools. Why schools? According to the FBI, schools are an opportunistic target as more are transitioning to distance learning. Provost Dr. David Bolman discussed this with Maria Hechanova of Arizona’s Family News.

 

 

“What ransomware attacks are trying to do is shut schools down, especially when they’re very busy, resources are stressed, and they’re getting ready to do things they’ve never done before,” explained Dr. Bolman. “Ransomware doesn’t actually care about the information, by and large they’re not trying to sell your information, they just know you need the info to function,” he said.

 


 

Clearly, that’s a big problem for all school districts. Those with data held for ransom may have to cancel classes or even close school for days. In fact, Flagstaff Unified School District was forced to close for two days last fall after its employees were targeted through their district email accounts, as reported by AZ Ed News.

 

So how does it work? Hackers posing as legitimate senders trick people into opening attachments or clicking on links in emails. Alternatively, someone can be redirected from a valid site to a criminal server that collects data, without the user even interacting.

 

“Ransomware quietly collects your information and at some point in time, when they feel they have enough information that you value, they will lock your computer down and require you to use a very specific code that only they can provide to unlock your data and of course ask money for that, hence the ransom,” added Dr. Bolman.

 


 

Bolman added that school districts of all sizes are being targeted for different reasons, but mostly because faculty and staff are stretched thin and, understandably, more focused on curriculum and operational procedures than on cyber security.

 

“What’s happening right now is all the K-12 schools are scrambling trying to figure out how they’re going to deliver their classes in a pandemic mode and that’s causing administrations to do a couple things: one, be a little distracted, two, they’re going to be using far more computers than they’ve ever used before and that’s a vulnerability.”

 

According to the FBI, school districts should never give in to demands, because they’re not guaranteed to ever get their files back. The FBI also suggests the following actions:

⇒ Retain multiple uninfected backups of critical data and applications. These backups should be air-gapped and password protected.
⇒ Develop an approved white list of applications and processes allowed to run in your environment.
⇒ Use File Integrity Monitoring to detect changes of critical OS files and processes.
⇒ Follow the principle of Least Privilege for Access Control. Each user should have the least privileges needed for their job.
⇒ Have penetration testing conducted by experts to ensure your organization is maintaining an acceptable security posture.
⇒ Monitor or block IP addresses from known malicious actors.
⇒ Educate your workforce on current and emerging cybersecurity risks and vulnerabilities.
⇒ Implement endpoint protection solutions such as antivirus and anti-malware.
⇒ Enact multifactor authentication wherever possible.
⇒ Ensure network segmentation.
⇒ Disable Remote Desktop Protocol (RDP) and other remoting options except when necessary.
⇒ Keep software updated. Install software patches so that attackers can't take advantage of known problems or vulnerabilities.
⇒ Conduct regular internet searches for student, faculty, and staff information to monitor its possible exposure and spread on the internet.

 

If you do suspect your data is being collected, or a threat is made, don’t hesitate to contact the FBI at www.fbi.gov/contact-us/field, by phone at (855) 292-3937, or by email at CyWatch@fbi.gov. Stay vigilant!

 


 

Want to fight cyber criminals every day? Find out more about our cyber security degrees offered at https://www.uat.edu/cyber-security-degrees

 
