Cyber threats: Ransomware and K-12 education
Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recently issued an advisory concerning ransomware and its threat to K-12 educational institutions. According to MS-ISAC, from August to September of 2020, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July. This trend is expected to continue and potentially grow throughout 2021. The most common ransomware variants identified were Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil.
Threat actors have encrypted school computer systems, stolen data, and threatened to publish student data if the ransom is not paid. Attackers have even invaded virtual classroom learning sessions to harass students and teachers. If the attack results in data being accessed or acquired by the threat actor, these educational institutions may have reporting and notification obligations to students, parents, and other impacted individuals, as well as regulators like the state attorneys general and the federal Department of Education. Schools that are grappling with the challenges of remote, in-person, and hybrid learning have nothing left to devote to recovering data, investigating an incident, notifying impacted individuals, and responding to regulators. Given the prevalence of these attacks, and the headache that comes with responding, schools must prepare for the possibility of being targeted.
Below are five essential tips to improve cybersecurity:
- Maintain the most up-to-date security patches and software.
- Regularly change passwords.
- Use multi-factor authentication and consider encryption or other secure methods for transmitting sensitive data.
- Regularly back up data and password protect backup copies offline.
- Encourage teachers and students to avoid sharing passwords or meeting codes.