School ransomware attacks are threatening student safety
School district leaders don’t always connect school ransomware and student safety, but it’s an important topic in today’s K-12 cybersecurity landscape. The state of K-12 ransomware is changing. Cyber criminals are stealing data before or after a ransomware attack takes place. That poses an immediate threat to student safety.
Why is School Ransomware and Student Safety a Concern?
In the past, most cyber criminals focused on obtaining a monetary payment from a school before they would release the school’s information systems. But as these hackers get more sophisticated, and as they find that schools often don’t have the money or the willingness to pay them, they’re turning to using the data they’ve stolen in new ways.
In Johnston, Iowa, for example, students and parents were overwhelmed by text messages that threatened to harm or kill students. The school district closed eight schools for a day to do a security sweep. In Flathead County, Montana, similar threats caused the closure of more than 30 schools for three days.
School admins need to be concerned about personally identifiable information (PII) such as names, telephone numbers, and physical addresses being stolen from their information systems. When these criminals acquire that type of information, they can cause havoc for schools—and for the students. For example, hackers are known to:
- Steal the identity of students and/or their parents, causing severe damage to their finances and personal well-being
- Sell the information to anyone on the dark web, which can include identity theft criminals, sexual predators, and human traffickers
- Use bullying tactics to get payment from parents and/or schools, often causing emotional pain to students
- Communicate threats of violence and/or psychologically abuse students
Understanding School Cloud Ransomware
Many district IT teams don’t fully understand or appreciate the time bomb that is ticking in their cloud applications. Those applications, provided by vendors such as Google and Microsoft, make school ransomware and student safety an issue that needs to be addressed as a top priority.
Your cloud applications contain data that is stored, accessed, and shared by a variety of users. It’s everything that someone mounting a ransomware attack wants to access. And it’s a cybersecurity gap in the cloud that criminals are exploiting.
Ransomware attacks now often start in the cloud. There’s a new name for the problem: RansomCloud. With the majority of districts using apps like Microsoft 365 and Google Workspace, school cloud ransomware attacks are increasing. Part of the reason this is such a problem is that many IT teams think that their providers are protecting their data.
Under the shared responsibility model that the providers use, however, they are only responsible for ensuring that their equipment doesn’t fail due to an equipment or software problem, or a power outage. The school district is responsible for protecting against accidental data deletion, hackers, malware, ransomware attacks, and more.
In many cases, district IT teams’ best bet is to work together and share school ransomware protection tips to help increase their defenses against ransomware attacks. Common tips include having a written response plan, training users in good cybersecurity procedures, and practicing the cybersecurity response. It’s one thing to write a plan. It’s another to find out just how well you can execute that plan. Cybersecurity drills should become as common as fire drills.
Ransomware Protection Checklist
Using a ransomware checklist to address school ransomware and student safety issues in your district’s cloud environment is another good idea. Using a checklist will help you audit your cloud application security configuration settings consistently.
For example, you’ll want to make sure that you have phishing and lateral phishing detection turned on, properly configured, and up to date with the latest features that Google and Microsoft roll out. Cyber criminals often use phishing emails to gain the access they need to mount ransomware attacks, and as their tactics evolve, so do anti-phishing protections. An example of this is lateral phishing, a relatively new tactic in which hackers take over the account of a user within your district’s domain. They then use that account to send phishing emails internally, which will not be detected by most traditional phishing filters.
Your checklist should also address proper monitoring for and detection of malware (both in email and shared drive files), login activity, and third-party OAuth applications. Monitoring for these types of risks in your Google Workspace and/or Microsoft 365 domains will help you detect ransomware early warning signs. Early detection and quick response are critical for staving off ransomware attacks.
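As an added illustration (not code from this article or from Google or Microsoft), the sketch below correlates the two signals described above: a login from a location not seen before for that account, followed by a burst of link-bearing email sent only to internal recipients. The event fields, the district.example domain, and the thresholds are assumptions made for the example, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DOMAIN = "district.example"        # assumed district domain (constructed)
WINDOW = timedelta(minutes=30)     # assumed window after the unusual login
MIN_RECIPIENTS = 5                 # assumed threshold for an internal burst

# Constructed sample events; field names are hypothetical, not a vendor log schema.
LOGINS = [
    {"user": "teacher1@district.example", "time": "2024-03-04T07:55:00", "country": "US"},
    {"user": "teacher1@district.example", "time": "2024-03-05T02:10:00", "country": "RO"},
    {"user": "clerk2@district.example", "time": "2024-03-05T08:00:00", "country": "US"},
]
MAIL = [
    {"from": "teacher1@district.example", "to": f"student{i}@district.example",
     "time": "2024-03-05T02:15:00", "has_link": True} for i in range(6)
] + [
    {"from": "clerk2@district.example", "to": f"parent{i}@district.example",
     "time": "2024-03-05T08:05:00", "has_link": True} for i in range(6)
]

def new_location_logins(logins):
    """Return (user, time) for logins from a country not seen before for that user."""
    seen, flagged = defaultdict(set), []
    for e in sorted(logins, key=lambda e: e["time"]):
        if seen[e["user"]] and e["country"] not in seen[e["user"]]:
            flagged.append((e["user"], datetime.fromisoformat(e["time"])))
        seen[e["user"]].add(e["country"])
    return flagged

def lateral_phishing_suspects(logins, mail):
    """Flag accounts that mail links to many internal users right after an unusual login."""
    suspects = []
    for user, t0 in new_location_logins(logins):
        recipients = {
            m["to"] for m in mail
            if m["from"] == user and m["has_link"]
            and m["to"].endswith("@" + DOMAIN)
            and t0 <= datetime.fromisoformat(m["time"]) <= t0 + WINDOW
        }
        if len(recipients) >= MIN_RECIPIENTS:
            suspects.append({"user": user, "login": t0.isoformat(),
                             "recipients": len(recipients)})
    return suspects

if __name__ == "__main__":
    print(lateral_phishing_suspects(LOGINS, MAIL))
```

The second sender in the sample data sends the same volume of internal mail but has no unusual login, so it is not flagged; requiring both signals is what keeps routine internal newsletters out of the alert queue.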
If you would like to address the most critical things you can do to fight against ransomware, feel free to download a free copy of our Ransomware Protection Checklist.