School data from ransomware attacks is ending up online after districts pay

Network administrators and parents alike have options to protect the information, one expert tells IT Brew.

School bell ringing? No, that’s probably the alarm for your children’s personal information being exposed online by ransomware gangs—even if your school district paid up.

That’s one of the main concerns Center for Internet Security Cyber Threat Intelligence Manager TJ Sayers has about the current threat landscape for K–12 districts.

Sayers told IT Brew that CIS is seeing a steady increase in ransomware attacks on schools, an issue that’s been ongoing for years, and that the information taken in these attacks is showing up online even when districts fork over the ransom money.

“Some cyber criminal organizations are still, six months or nine months later, posting that information on dark web forums for sale—irrespective of, sometimes, the victim paying,” Sayers said.

Increased attacks. Ransomware gangs have been stepping up their attacks; the threat is at a record high. And those attacks are focused on schools specifically. A December 2022 Unit 42 analysis of hacking group Vice Society found that the gang is increasing its targeting of schools, often at times when districts are under stress, like the beginning or end of the school year.

Last September, the Los Angeles Unified School District was hit with an attack at the beginning of the school year. The attack was notable, Pardee Rand Graduate School professor Todd Richmond told IT Brew at the time, because of the threat that could be posed down the line from malicious code lying in wait.

“I worry less about the ransomware attacks, and I worry more about the Trojan horses that are being installed for use at a later date,” Richmond said.

Danger, danger. Today, the main threat might be the information that’s being released irrespective of payment. Sayers explained that the sensitive data, which includes health and other information about children, including Social Security numbers and other identifying details, is ending up online.

“You’ve got to think [it’s] everything from disciplinary actions, health related information, physical health, mental health, age range, grades, performance, and academics; courses that they’re taking; information on the parents, socioeconomic status,” Sayers said.

That the leaks are going to the dark web makes it hard to track what information is being leaked. And the nature of the attacks and the information at stake means that districts are over a barrel. Even if there’s a chance the information will still leak, they are under severe pressure to pay.

Solutions. Luckily, district IT teams have some options to fight back, or even ensure it doesn’t happen in the first place. CIS offers a membership to the Multi-State Information Sharing and Analysis Center (MS-ISAC), which can help detect threats. The no-cost resources that come with the free MS-ISAC membership include training and domain blocking.

Sayers also advises that districts institute common-sense standards and regulations to avoid phishing scams and other threats. Security hygiene and awareness are essential to push back against ransomware gangs, who often look for a weak link to get in the door.

Parents should also take care to protect their children’s information by implementing credit freezes and putting up guardrails on social media use. Encouraging the district’s IT department to encrypt data and back it up is also important.

“That limits, once [information is] stolen from them, being able to read it, propagate it, and stuff like that,” Sayers said. “And the backup side of things enables organizations to get back up on their feet quicker because they don’t have to pay the actor to get their data back, they already have a viable backup that they can work from.”
