By Nick FitzGerald
As one of the biggest threats of 2016, ransomware is quickly building its impressive catalogue of corporate victims, including hospitals, government departments, banks and even law enforcement agencies. With educational institutions holding more personal data about children than ever before, it should come as no surprise that schools have become the latest addition to e-criminals’ list of targets.
Horry County School in South Carolina, USA, is a compelling example of the rise of ransomware in schools. Cyber criminals got in through a breach in an older server whose software included out-of-date applications. The school could not recover all of its data and, given the significant time spent on solving the issue, decided to pay a US$8,500 ransom to retrieve the data. As this example shows, the payload of a ransomware attack can be particularly damaging for organisations.
However, paying criminals is strongly advised against, even when it seems expedient. Ransomware authors are under no obligation to actually give victims what they pay for. Suffice it to say, cyber criminals are not generally renowned for their devotion to customer service.
Judging by the number of attacks being reported and the number of new malware forms being researched in ESET’s labs, ransomware is not only on the rise but is also becoming more sophisticated and aggressive. Measures that help repair ransomware damage can ease the fear and drama caused by these extortion costs, but not all damage done by file-encrypting ransomware can be successfully reversed with custom decryption tools. Hence, the best solution for ransomware is to have effective security in place to avoid it in the first place.
Why Is Ransomware Dangerous?
Ransomware is a particular form of malware in which access to data is blocked, and the data held hostage by criminals, until a sum of money is paid.
Whether they specifically target large organisations, such as hospitals and schools, or just ‘get lucky’ and happen to notice that some specific victim appears to be such an institution, the cyber criminals behind ransomware attacks know these organisations are more likely to pay large ransom amounts in order to gain back access to their sensitive data.
What Makes Schools Unique?
Schools have various types of corporate, personal, health and financial data for students, parents and staff – all of which is highly sensitive and thus very lucrative for criminals.
While organisations such as hospitals are fairly limited by which devices are approved to enter the network, schools generally encourage their users to bring their own devices. These untold numbers of unmanaged machines connected to the school’s network bring about higher levels of challenge for effective security management, leaving the network vulnerable to various forms of malware.
What Can Schools Do?
The best line of defence against malware is being prepared. Here are a few ways to best avoid the damages possibly caused by cyber criminals:
- Back up data: This may be obvious, but it is also crucial. Having regularly updated and (more importantly) secure backups of data can prepare schools in emergencies and against ransomware. Ensure this backup is on an external drive or backup service – one that is not assigned a drive letter and is disconnected from the systems and network when not in use.
- Test the backup restoration process: This is less obvious, but even more crucial! Having regular backups of data is worse than worthless – because of the wasted time and effort, and the false sense of security – if that data cannot be restored should the need arise.
- Keep software up to date: Having updated software can decrease the potential of malware infections. This can be done in a number of ways, including enabling automatic updates, updating through the software’s internal update process, or going directly to the software vendor’s website.
- Use a reputable security suite: Having both anti-malware software and a software firewall can provide layered protection, helping identify threats or suspicious behaviour. Choosing the right security suite can be a challenge in schools; however, some are designed specifically for tailored needs.
- Use the principle of least privilege: Creating access barriers for users within the school’s network can slow or halt the spread of malware. Students, teachers and administrators should only have access to systems that are necessary and appropriate to their scope of work. Personal devices brought from home should also be treated differently from machines that always remain within the school network.
- Educate users: It is essential to inform all users in the network about what constitutes an acceptable use of school resources. Proxy firewalls can be used to limit harmful and inappropriate content being accessed by students. Other measures, such as posters and educational material, can be displayed in computer labs to educate users on how to recognise the warning signs of malware. These can also encourage users to inform the school when an accident has occurred, so damage can be limited by quick and corrective action.
The valuable data under the care of schools is a lucrative target for cyber criminals looking to turn a profit. Once a target is identified as vulnerable, the criminals are likely to return and attack again. By taking the time to prepare before an emergency happens, schools can minimise the risk of losing access to their data or having to pay criminals to regain it.
If there is one lesson to remember, it is this: prevention is always better and easier than the cure. The best way to ensure prevention is to take responsibility for education about, and protection against, ransomware.
Nick FitzGerald, a renowned information security expert, is a Senior Research Fellow at ESET. He holds a degree in Education and Psychology and is a member of numerous groups in the field of cybersecurity.