As the Fall semester begins, schools and students face a double whammy of Coronavirus shutdowns and Ransomware attacks.
Stories of school attacks accelerated just as students returned - stopping in-person and virtual learning.
Maybe it's because these hackers often aren't fond of their teachers (yes, even present tense) or perhaps it's because the schools are often forced to pay the ransom!
Hartford, CT is just one of the latest victims to disclose their network compromise.
“As you know, we are heavily relying on all of our technology and our staffs’ ability to access that technology in order to deliver remote instruction,” said Hartford Superintendent of Schools Leslie Torres-Rodriguez.
One of the most notorious hackers of schools is called the NetWalker Group. Their efforts have focused on schools because the student and faculty information they steal is extremely sensitive, leading school officials with little choice but to pay up.
NetWalker isn't the only group focused on schools, but their efforts have taken down schools across the board. They've hit colleges like UCSF Medical School and the University of Utah and taken down primary schools across the country.
The ransomware virus caused an outage of critical systems and the restoration of those systems are not complete." - Hartford Public Schools
Back in Hartford, the schools will pick up the pieces and hope that digital forensics find no sign of sensitive data theft. This process can takes weeks or months and at huge expense - those cybersecurity professionals can be expensive!
At best, students and parents just missed a few days of school and can rest easy. At worst, the cybercriminals have a treasure trove of data to force a ransom payment. Either way, these attacks continue at a rapid pace, and nearly every one of them starts just the same way.
Each of these attacks follows a playbook, starting with Phishing emails. That's the good and bad news. Good news - they can be stopped! Bad news - sending Phishing emails costs attackers nothing, meaning they will keep targeting our people.
The first step is training your team to avoid the initial Phishing email, the one that the school employees fell for in each story.