The resurgence of COVID-19 poses a challenge to school systems planning to reopen in the fall. But this may not be the only concern facing school administrators…
The FBI recently issued a nationwide Private Industry Notification (PIN) alert to K-12 schools, warning that cyber criminals will be trying to spread file-encrypting ransomware by exploiting security vulnerabilities associated with the remote desktop protocol (RDP). The widely used protocol provides a graphical interface that allows users to connect to other systems over a “secure” network connection. Among other things, RDP is used to facilitate distance learning.
According to the FBI alert, “Cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic target as more of these institutions transition to distance learning.”
In recent years, many cyber criminals have launched brute-force attacks against RDP to breach corporate networks and deploy file-encrypting ransomware. While companies usually have the resources to protect their remote access infrastructure and endpoints, the same is not always true for most K-12 schools, leaving them vulnerable to this and many other kinds of attacks.
The FBI noted that a relatively new trend is the threat from cyber criminals to publish sensitive information stolen from infected networks if schools refuse to pay the ransom, creating an elevated sense of urgency for schools to comply with the ransom demand.
According to antivirus company Emsisoft, there has been an uptick in attacks targeting K-12 schools in recent years. There were about 870 known cyber-security incidents disclosed by K-12 schools in 2016. The number increased to over 1,200 incidents in 2019, with more than 400 reported in the first few months of 2020 alone.
Here are some of the attacks reported by K-12 schools in Pennsylvania since 2019, as compiled by Emsisoft:
- The Purchase Line School District was the victim of an email spoofing attack by an individual pretending to be a school district employee.
- Computers at the Newport School District were infected with a computer virus that came through email. When staff opened the email, the virus infected some district computers and compromised the information of several staff members. Once the district became aware of the breach, it took several weeks to fix.
- The Ridgway Area School District was hit with an electronic virus that encrypted network servers and files, limiting users' access.
- Wyoming Area School District was the victim of a ransomware attack that locked staff out of their computers. It took about five weeks to resolve the issue.
- The network of the Allegheny Intermediate Unit was hit with malware, and the unit received demands for money. AIU said experts investigated the attack and restored the system to prevent future incidents.
School systems have to worry about inside threats as well. Here are some incidents reported by K-12 schools in Pennsylvania since 2019, as compiled by Emsisoft:
- Police charged a Franklin Regional High School senior with launching a series of cyber attacks against more than a dozen local school districts, the Catholic diocese and Westmoreland County government.
- A Chestnut Ridge High School student faces charges after he allegedly shut down his school’s computer system for hours from home.
- A Hazleton Area Career Center student was disciplined for attempting to hack into the district’s computer system.
- Downingtown Area School District suffered an attack aimed at gaining access to the Naviance college and career resource website. The responsible students were identified and found to have committed a brute-force attack on the system.
- The Nazareth Area School District notified parents of a data breach when a student accessed student records without authorization and put the information on a flash drive.
Back to School
In the rush to catch up on email accumulated during the summer break, some school administrators and teachers may unwittingly click on a bad link that opens the door to ransomware. Not only are the files on that computer rendered useless through encryption, but so are the files on all connected devices on the network.
The amounts demanded could run well into hundreds of thousands of dollars. Insurance may cover most of it, but the deductible on such policies often runs into tens of thousands of dollars. Failure to pay the ransom could result in recovery costs that run into the millions of dollars.
It would not be wise to focus exclusively on external threats… Schools should also pay attention to suspicious activity from within their networks. As noted in the examples above, students can do harm ranging from changing test scores and final grades to bringing down entire computer systems.
Hacking and unauthorized use of computers are illegal under both Pennsylvania and federal law. Students should be advised periodically during the school term that even the attempt to break into school computers can lead to arrest and a host of charges that can be prosecuted as misdemeanors or felonies. Add to that the cost of a specialized defense attorney…
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.