Cyber Criminals Hold Schools Hostage with Ransomware, FBI Warns


Ransomware: an emerging form of malware that locks the user out of their files or their device, then demands an anonymous online payment to restore access, according to malwarebytes.com.


This very devious type of cyber attack is delivered by spam through unsolicited email, and now, the FBI is cautioning K-12 school districts to be prepared for an uptick in ransomware attacks.


At UAT, we recently received an FBI alert that hackers are currently targeting K-12 schools. Why schools? According to the FBI, schools are an opportunistic target as more are transitioning to distance learning. Provost Dr. David Bolman discussed this with Maria Hechanova of Arizona’s Family News.



“What ransomware attacks are trying to do is shut schools down, especially when they’re very busy, resources are stressed, and they’re getting ready to do things they’ve never done before,” explained Dr. Bolman. “Ransomware doesn’t actually care about the information, by and large they’re not trying to sell your information, they just know you need the info to function,” he said.


Dr. Bolman, UAT Provost


Clearly, that’s a big problem for all school districts. Those with data held for ransom may have to cancel classes or even close school for days. In fact, Flagstaff Unified School District was forced to close for two days last fall after its employees were targeted through their district email accounts, as reported by AZ Ed News.


So how does it work? Hackers posing as legitimate senders trick people into opening attachments or clicking on links in emails. Someone could also be redirected from a valid site to a criminal server that collects data, without any interaction on their part.


“Ransomware quietly collects your information and at some point in time, when they feel they have enough information that you value, they will lock your computer down and require you to use a very specific code that only they can provide to unlock your data and of course ask money for that, hence the ransom,” added Dr. Bolman.




Bolman added that school districts of all sizes are being targeted for different reasons, but mostly because faculty and staff are stretched thin, and it makes sense for them to be focused more on curriculum and operational procedures than on cyber security.


“What’s happening right now is all the K-12 schools are scrambling trying to figure out how they’re going to deliver their classes in a pandemic mode and that’s causing administrations to do a couple things: one, be a little distracted, two, they’re going to be using far more computers than they’ve ever used before and that’s a vulnerability.”


According to the FBI, school districts should never give in to demands, because they’re not guaranteed to ever get their files back. The following actions are also suggested by the FBI:

⇒ Retain multiple uninfected backups of critical data and applications. These backups should be air-gapped and password protected.
⇒ Develop an approved white list of applications and processes allowed to run in your environment.
⇒ Use File Integrity Monitoring to detect changes of critical OS files and processes.
⇒ Follow the principle of Least Privilege for Access Control. Each user should have the least privileges needed for their job.
⇒ Have penetration testing conducted by experts to ensure your organization is maintaining an acceptable security posture.
⇒ Monitor or block IP addresses from known malicious actors.
⇒ Educate your workforce on current and emerging cybersecurity risks and vulnerabilities.
⇒ Implement endpoint protection solutions such as antivirus and anti-malware.
⇒ Enact multifactor authentication wherever possible.
⇒ Ensure network segmentation.
⇒ Disable Remote Desktop Protocol (RDP) and other remoting options except when necessary.
⇒ Keep software updated. Install software patches so that attackers can't take advantage of known problems or vulnerabilities.
⇒ Conduct regular internet searches for student, faculty, and staff information to monitor its possible exposure and spread on the internet.


If you do suspect your data is being collected, or a threat is made, don’t hesitate to contact the FBI at www.fbi.gov/contact-us/field, by phone at (855) 292-3937, or by email at CyWatch@fbi.gov. Stay vigilant!



Want to fight cyber criminals every day? Find out more about our cyber security degrees offered at https://www.uat.edu/cyber-security-degrees


