Ransomware attacks have emerged as a significant threat to educational institutions. Cybercriminals encrypt sensitive data and demand payment for its release, severely disrupting school operations and leading to exorbitant recovery costs for districts. With ransomware tactics continually evolving, the security of the entire U.S. education system is at risk.
Ransomware attacks have been increasing exponentially for K-12 schools due to their digital assets, vulnerable end users, and under-resourced or nonexistent cybersecurity programs. According to a recent article by Comparitech, there has been a 393% increase in ransomware attacks since 2016, costing an estimated $35.1 billion in downtime from reported incidents. Many incidents remain unreported, making the true financial magnitude difficult to quantify. Ransom demands vary dramatically, ranging from $1,000 to tens of millions in cost. For example, Broward County Public Schools in Florida was targeted in 2021, where the Conti ransomware group demanded $40 million, which the school district refused to pay. As a result, the hackers published 26,000 stolen files impacting over 48,000 people.
What Is the First Step Schools Can Take to Prepare for Ransomware Attacks?
Cybersecurity is an ongoing commitment as cyberthreats continue to evolve and prey on the most vulnerable. In Gartner’s report, “ How to Prepare for Ransomware Attacks”, Gartner suggests that security and risk management leaders must first focus on the pre-incident stage of the ransomware attack including the preparation and multilayered prevention of an attack. This strategy should include a backup process, asset management, identity and access management, risk-based vulnerability management, and security awareness training.
Components of Pre-Incident Preparation:
Backup Process
- This is the primary line of defense for data recovery after ransomware. Ensure the backup solution is resistant to ransomware attacks and regularly check the status of broken backups.
Asset Management
- Create a resilient asset management process to determine what needs protection and assign responsibility, focusing particularly on legacy systems.
Identity and Access Management
- Restrict access to critical applications, enforce strong authentication, update PowerShell scripts, and block command prompt access, all aligned with zero trust principles. (PowerShell scripting is often used by IT professionals to automate tasks, manage systems, and build solutions).
Exposure and Vulnerability Management
- Adopt a continuous exposure and vulnerability management program to discover and mitigate exposures and vulnerabilities. Incorporate threat intelligence to correlate known exploits with vulnerability scanning, as ransomware can exploit unpatched systems for lateral movement.
Security Awareness Training
- Continuous education of end users is crucial to keeping data safe. Regular alerts, cyber awareness newsletters, and repeating easy-to-understand security tips will make users less likely to fall for social engineering.
Taking Action
By partnering with a managed security service provider like LevelBlue, schools and libraries can take the first step in building a resilient security strategy to prevent and mitigate ransomware attacks. LevelBlue simplifies cybersecurity strategy planning and can help implement an incident readiness and response strategy in the face of a complex, evolving threat landscape.
LevelBlue offers core services that address ransomware attacks:
Incident Readiness and Response
- LevelBlue offers a comprehensive suite of incident readiness and response services, including risk assessments, vulnerability management, incident response planning, breach investigations, and employee training. These are customized to meet an organization’s specific requirements, ensuring proactive prevention and mitigation of cyber incidents. By leveraging top-tier solutions and technology, LevelBlue helps organizations react to threats such as ransomware attacks and proactively prepare to respond effectively.
Managed Endpoint Security
- LevelBlue delivers advanced endpoint detection and response (EDR) with continuously updated threat intelligence to identify, investigate, and respond to threats across desktops, laptops, servers, virtual machines (VMs), and cloud containers. Schools and libraries benefit from a fully managed service with 24/7 monitoring and threat hunting delivered by the LevelBlue SOC.
Exposure and Vulnerability Management
- Schools and libraries benefit from a suite of security services to identify, prioritize and mitigate risk from vulnerability and exposures across an organization’s attack surface, including vulnerability management and breach and attack simulation services such as penetration testing and red and purple teaming.
Managed Detection and Response for Government ( MTDR for Gov)
- LevelBlue offers a managed service built on the FedRAMP Moderate-authorized version of the LevelBlue USM Anywhere platform. The service is supported by a US-citizens-only security operations team that provides year-round, 24/7 threat monitoring and management to help protect sensitive and highly regulated student data and ensure educational services are delivered without disruption.
Email Security
- LevelBlue’s Email Security with Check Point protects students, faculty and staff who may unwillingly go to a malicious site or download an infected attachment. This is a fully-managed service that delivers industry-leading protection from socially engineered attacks. The solution offers extensive protection for Microsoft 365 and Google Workspace, encompassing the entire collaboration environment, including file sharing and communication platforms like Slack and Microsoft Teams. The solution is easy to deploy, cloud-based, and does not require proxies, appliances, or endpoint agents.
DDoS Mitigation
- Ransomware attacks are commonly followed by DDoS attacks as a secondary threat. In addition, schools can be hit directly with a DDoS attack, taking down critical services. LevelBlue’s DDoS Defense services protect and mitigate against volumetric distributed denial of service (DDoS) attacks.
Ransomware attacks will continue to emerge and target schools and libraries with more sophistication and frequency. Watch for Part Two of this blog, “Ransomware Response Plan: What Schools and Libraries Should Do After an Attack” and learn how leveraging incident response services can address and mitigate the impact of a ransomware attack.
Want to learn more about how LevelBlue can help schools and libraries? Contact our security experts today to discuss your specific needs and challenges.
