
How to combat ransomware threats in the education sector

Ekaterina Khrustaleva

Ransomware attacks have been wreaking havoc worldwide for the past few years, striking organisations and private businesses across multiple industries, from financial services, manufacturing, telecommunications and IT to healthcare. As these industries continue to increase their cybersecurity spending and look for ways to combat ransomware attacks, cyber criminals turn to more vulnerable targets – education institutions.

The most recent example is a ransomware attack that targeted a US school district, the second-largest school district in the United States. The attack hit some of its Information Technology (IT) systems on the weekend of September 3-4 and caused significant disruptions to the network, including access to email, computer systems and applications.

Several weeks later, the Vice Society data extortion group, which targeted at least eight school systems in 2022, leaked 500GB of data stolen from the school district, marking the biggest education breach in recent years. The leaked data appeared to contain personal identifying information, including passport details, Social Security numbers and tax forms, as well as contract and legal documents, financial reports containing bank account details, health information including COVID-19 test data, previous conviction reports and psychological assessments of students.

Education institutions have been increasingly targeted by ransomware actors in recent years due to multiple factors, such as limited cybersecurity resources, the use of public-facing portals and third-party applications accessible to students, parents and the community. Ransomware attacks on schools and colleges can cause a lot of damage because they disrupt key computer systems and school operations, and, more importantly, put at risk student data and safety. 

A ransomware intrusion can even be a contributing factor that forces a college to close its doors for good.

In another ransomware incident, a public school system was forced to close for two days because the attack disrupted systems used for safety tasks such as taking attendance, contacting families in emergencies, and ensuring that students are picked up from school by authorized adults.

According to a report, ransomware attacks cost education institutions $3.56 billion in downtime alone in 2021, with most schools having to deal with additional recovery costs to rebuild computer systems, recover data and strengthen their defenses to prevent future security incidents. For example, a school district in the US spent nearly $10 million recovering from a 2020 attack.

A new survey showed that both higher and lower education are increasingly experiencing ransomware incidents, with 60% suffering ransomware attacks in 2021 compared to 44% in 2020.

The report has also revealed that education institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover – almost twice as much as other sectors (4%). These results indicate that the education sector lacks adequate defenses needed to prevent a ransomware attack.

Of note, the study says that globally 57% of respondents reported an increase in the volume of cyber-attacks on their organisation last year, while 59% reported an increase in complexity of attacks, and 53% reported an increase in attack impact. Experts estimate that by 2030 ransomware damages will exceed $30 billion worldwide.

The COVID-19 coronavirus outbreak forced education institutions to rapidly adapt to an online format, introducing additional cybersecurity risks. Furthermore, during the pandemic, institutions with affiliated hospitals and those involved in medical research have been particularly attractive targets for ransomware actors and other cyber criminals. In June 2020, a US university that was working on the COVID-19 vaccine paid a $1.14 million ransom after its medical school servers were hit by a Netwalker ransomware attack.

Ransomware, distributed denial of service (DDoS) attacks, and data breach/theft are three common types of cyber threats that schools should be prepared for. Education organisations already face a broad range of challenges that stem from the shift to virtual learning and remote work, which led to the opening of thousands of access points via computers and mobile devices on networks not controlled by schools’ IT staff. Another problem is that education institutions typically operate within strict annual budgets, which makes it difficult to invest in a robust cybersecurity program.

Therefore, organisations must implement best practices, wherever possible, to prevent cyber-attacks: limiting internet-facing services, restricting admin access to only those who need it, providing basic cybersecurity training for personnel and students, keeping devices and software up to date, implementing multi-factor authentication (MFA) for extra protection, and applying endpoint protection to safeguard devices used for school.

Experts predict a further surge of ransomware campaigns, which are relatively simple to run, difficult for law enforcement agencies to investigate, and hugely profitable, making them a perfect ‘business’ compared to other cyber-attacks. What’s most important about these outcomes isn’t whether or not an organisation pays a ransom, but how damage to the victims is prevented and operations are restored. In the end, if the data was stolen, recovery is going to be difficult, if not impossible, so looking to minimize the impact of the breach should be the top priority.

By Ekaterina Khrustaleva, COO, ImmuniWeb
