Ransomware Infects Public Schools Nationwide
Throughout the month of August, several public school districts across the nation fell victim to ransomware. Here is what we know: the ransomware variants differed from attack to attack, although the most frequently used strain was Ryuk. This specific type of ransomware piggybacks off a trojan. Once the trojan successfully deploys, Ryuk is installed and lies dormant until the cyber criminals decide to execute it. Upon execution, the files within the connected network become encrypted, making them inaccessible.
Who was infected?
Public schools across the nation were infected. Below is a list of those which went public with their ransomware infections.
- North Lamar Schools of Texas
- Mineola Public Schools of New York
- New Kent County Public Schools of Virginia
- Nampa Idaho School District of Idaho
- Middleton School District of Connecticut
- Wolcott Public Schools of Connecticut
- Wallingford School District of Connecticut
- Camp Verde Unified School District of Arizona
To some, this may seem like a small list. However, keep in mind the following points.
First, these are only public school districts. Second, these are only the attacks that went public. Many times, entities that fall victim to ransomware do not disclose the cyber attack. Or, if they do, they do not disclose that it was ransomware. Lastly, consider the growth of the ransomware epidemic. In 2016, there were seven publicly disclosed ransomware attacks on public school districts. Let me reiterate. That is for the entire year of 2016: seven attacks total. The number of publicly disclosed ransomware attacks in August 2019 alone surpasses that.
What Can Schools Do?
To avoid becoming the next victim on the list above, school districts need to do the following:
- Ensure all operating systems and third-party applications are updated
- Keep all backup systems up-to-date and stored either in the cloud or on an external storage device
- Deploy a security solution that implements application whitelisting
- Use two-factor authentication
- Disable all unused remote desktop protocol (RDP) ports