We read about them all the time. Cyberattacks. Hackers taking down networks at schools, local government offices, and medical facilities. But this time it was different. This time, they came after your community. Your school. This time, it felt different. It became personal.
Nampa’s school district was one of the eight schools hit with ransomware last month. Although eight attacks may not seem like a lot, it’s important to keep in mind the trends of years past. This meaning, in 2016, there were a total of seven attacks that hit public schools, nationwide. In 2017, there were eight. In 2018, five. But today, in 2019, there have been 24 attacks just this year — a number that surpasses the total number of ransomware infections for the past three years, combined.
I may live across the country from you, but I get it. In February 2016, the enemy corrupted my children’s school, Horry County Schools, too. In fact, Horry County Schools was one of the first schools to publicly disclose suffering a ransomware attack. And since, it hasn’t slowed down. Not only has the number of attacks increased, but so have the ransom demands.
In February 2016 when Horry County Schools was hit, they paid the ransom demands of $8,500. Fast forward to 2019. In July, Rockville Centre School District also paid the ransom demands. This time, it was $88,000.
With victims paying the demands, these attacks aren’t slowing down, and are in fact increasing in frequency. Hackers are drooling, and they won’t stop as long as their efforts are profitable.
So, what can schools do to prevent falling victim?
First, it’s important to educate. Informing staff and student of current cyber security threats, and red flags to spot them, is the best way to prevent them from installing malicious software, clicking on a bad link, or even falling victim to a scam.
Second, is choosing the right security solution. In the case of Nampa schools, the infection only impacted Windows devices. Chromebooks and Mac products were not affected. This does not mean they are immune from attacks, but by and large, hackers target Windows operating systems. Why? Because they have the highest market share. Therefore, IT professionals need to ensure they’re choosing a security solution that is proactive. Hackers aren’t using a one-trick-pony to infect networks. It’s a combination of different ransomware variants and backdoors. Therefore, the security program should only permit known trusted programs to run, thwart fileless malware attacks, and close any unused remote access ports. To properly protect the network, the security solution should address all three of these areas.
Third, staff and students must practice proper password hygiene. This means, do NOT use the same passwords for multiple accounts. In addition to using different passwords, individuals connected to the school’s network should be using passwords with maximum strength including long passwords that include capital and lowercase letters, special characters, and numbers. These passwords should also be changed, at a minimum, every 90 days.
Ransomware continues to target businesses, schools, local governments, and even home users. These tips can be used for all entities.
Cyberattacks are preventable, if the right preventative measures are taken. It’s time to be proactive and defeat this cyber enemy, once and for all.