With the uptick in remote working, learning and connections brought on by COVID-19, the ransomware risks to K-12 institutions have only increased. Several factors, including lack of resources and the sensitivity of data held by K-12 institutions, often increase the pressure to pay ransoms and therefore make institutions an attractive target for attackers.
Ransomware Attacks on the Rise
Sources reported that in 2019, 1,233 individual schools were potentially affected by ransomware attacks. Notably, in the first quarter of 2020, approximately 422 individual schools were already affected.
The FBI also recently reported an increase of ransomware attacks targeting K-12 schools that began in the fall of 2019. These attacks often involved phishing emails, Remote Desktop Protocol (RDP) vulnerabilities and the Ryuk ransomware variant. According to the FBI, some of these attacks resulted in complete and total shutdowns of entire organizations.
Also troubling, ransomware threat actors are increasingly using the threat of public release of stolen data to extort increased and additional ransoms. The result is that organizations may not be able to rely on backups (to the extent they even exist in an uninfected state) to restore their systems and avoid paying a ransom, because restoring from a backup does nothing about data that has already been stolen.
The Time is NOW to Prepare
All K-12 institutions must prepare NOW for ransomware attacks. It is not a matter of “if” your institution will be the subject of an attempted attack, but “when.” Some necessary critical steps include:
- Awareness and training for all users related to phishing emails and other cyber risks
- Implementation of two-factor authentication, especially for accounts with privileged access
- Employing a robust system of backups of critical data, including air-gapped backups protected by unique credentials
- Implementing the principle of least privilege for all users
- Deploying advanced endpoint protection (anti-malware and antivirus products)
- Segmentation of networks
- Ensuring software and operating systems are updated at all times
Better preparation will enhance the ability of K-12 institutions to fend off such attacks, and potentially mitigate their effects when they do occur.
Our Privacy, Cybersecurity and Data Management and Education Teams will continue to share the latest developments and provide insights as COVID-19 impacts the operations of K-12 institutions nationwide.