A report published last month by cybersecurity firm Armor found and tracked ransomware infections in 54 educational organizations. More than 500 educational institutions in the United States were disrupted by ransomware attacks this year. In the last two weeks, 15 school districts, which account for more than 100 K-12 schools, were hit at the worst possible time: the first weeks of a new academic year. Among these 15 incidents, 5 were caused by Ryuk ransomware, one of the most active ransomware strains today.
“GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018”
What is Ransomware
Ransomware is a type of malware that encrypts files on user devices or network storage devices. Ransomware is usually spread by spam email attacks. Spam emails contain attachments that are disguised as legitimate files or contain URL links in the body of the email. If the former method is used, the ransomware will be activated as soon as the user opens the attachment. The software will then begin encrypting the files on the device in a matter of seconds. If a link is used as the attack vector, when the user clicks on the link, the user enters a web page where the ransomware is transmitted to the device without the user’s knowledge. Malicious programs or websites often use exploit kits to detect security vulnerabilities in the device’s operating system or application that can be used to transmit and activate ransomware. To restore access to encrypted files, users must pay a “ransom” to cybercriminals, usually through electronic payment methods that are difficult to track, such as Bitcoin.
Why Are Schools Targeted?
With the rise of ransomware in educational institutions, we noticed that schools have become popular targets because they usually hold a wealth of data but lack cybersecurity training. The main reason ransomware spreads rapidly on a campus network is that most schools run what is essentially one large interconnected intranet LAN, in which different services are not separated into security zones. For example, the student management system, the educational system, and similar services can be accessed from any connected device. At the same time, machines in rooms such as laboratories and multimedia classrooms are mostly assigned public IP addresses. If the school does not enforce the relevant permission restrictions, all of these machines are directly exposed. This incident directly reflected the vulnerabilities in the security management of colleges and universities.
“Schools need to begin thinking of themselves as being part of a cyberphysical system”
Therefore, backing up data and spending more on cybersecurity training or on hiring cybersecurity specialists are helpful measures for schools to take against the rise of cybercrime, including ransomware.
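As an added example (not part of the original article), the following Python script audits a constructed inventory for the two campus-network conditions described above: lab and classroom machines on public addresses, and services that every zone is allowed to reach. The host names, zones, policy table and the TEST-NET-3 addresses standing in for public IPs are all assumptions.

```python
import ipaddress

# RFC 1918 private ranges; an address outside them is treated as directly exposed.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory. 203.0.113.0/24 (TEST-NET-3) stands in for public addresses.
HOSTS = [
    {"name": "lab-pc-01", "zone": "lab", "ip": "203.0.113.25"},
    {"name": "mm-room-07", "zone": "classroom", "ip": "203.0.113.40"},
    {"name": "staff-pc-12", "zone": "staff", "ip": "10.20.4.12"},
    {"name": "sms-db", "zone": "server", "ip": "10.10.0.5"},
]

# Constructed access policy: which source zones may reach each service.
POLICY = {
    "student-management": {"lab", "classroom", "staff", "server"},
    "educational-system": {"lab", "classroom", "staff", "server"},
    "backup-server": {"server"},
}

def exposed_hosts(hosts):
    """Names of hosts whose address falls outside every RFC 1918 range."""
    out = []
    for h in hosts:
        addr = ipaddress.ip_address(h["ip"])
        if not any(addr in net for net in RFC1918):
            out.append(h["name"])
    return out

def unsegmented_services(policy, hosts):
    """Services that every zone present in the inventory is allowed to reach."""
    zones = {h["zone"] for h in hosts}
    return sorted(s for s, allowed in policy.items() if zones <= allowed)

def blast_radius(zone, policy):
    """Services reachable from a single infected machine in `zone`."""
    return sorted(s for s, allowed in policy.items() if zone in allowed)

if __name__ == "__main__":
    print("Hosts on public addresses:", exposed_hosts(HOSTS))
    print("Reachable from every zone:", unsegmented_services(POLICY, HOSTS))
    print("Reachable from one lab PC:", blast_radius("lab", POLICY))
```

Any service listed by `unsegmented_services` is a candidate for its own restricted zone, and the backup server staying out of the lab's `blast_radius` is what keeps the backups usable after an infection.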