The Cliffs Notes Version to Addressing the Ransomware Threat at Schools

It's back to school time: for teachers, students…and cybercriminals.

While pupils will be back churning out papers and cramming for exams, IT personnel working at K-12 schools, as well as colleges and universities, face their own stern assignment: fighting off the wrath of cybercriminals.

One threat in particular - ransomware - has moved to the forefront across all sectors, including education.

Last fall, the U.S. Department of Education warned of a spike in cyber extortion threats. And earlier this year, the FBI issued an alert about an active campaign targeting schools that involved a malicious hacker group stealing sensitive data records and threatening to make them public unless a payment was made.

An abundance of unsecured endpoints connecting to the web (especially a problem on college campuses) and large amounts of sensitive data being stored on devices and across networks - combined with lenient policies and limited security skills and budget in the IT department - make schools a ripe target for digital attacks, including ransomware.

If you're unfamiliar with dealing with the ransomware threat - and that's okay if you are because it is a tough one to defend against - here is a freshman orientation, of sorts, on how to help prevent, detect and respond to this continuing risk. The advice can also extend to other types of cyberattacks.

Assess Your Risks and Prepare for an Incident

In the same way that students don't (usually) just wing a test without studying and expect to ace it, you need to come prepared and take the fight to your adversaries. That means assessing your risk (and that of your suppliers), knowing where your data lives, establishing visibility on your network and having an incident response plan in place.

Identify Vulnerabilities and Patch

Cybercriminals often turn to software weaknesses to distribute ransomware through phishing emails and exploit kits, so you should operate a vulnerability program that emphasizes discovery (scanning and penetration testing) and prioritizes patching.

Educate the User Population

Students and staff are typically the ones who will invite in ransomware; as such, policies and enforcement regarding equipment usage and access controls are necessary. Exercises like phishing simulations are effective, but be careful not to just ram rules and education down your user base's throats. Learn about them and their tendencies - and give them "responsible, honest and compassionate advice." The ultimate goal is to build a culture of security, where data safety hygiene is inherent to all digital activities.

Deploy Endpoint Defenses

Since most attacks begin when a single computer is compromised, endpoint protection is worth embracing. Consider moving beyond traditional anti-virus and intrusion prevention systems to also include suspicious activity monitoring and response capabilities - all of which can help limit the extent of an incident and prevent a future one from occurring. Most good endpoint detection and response (EDR) products identify ransomware immediately, based on the combination of malicious behaviors it exhibits, and suspend the encryption process before it can hold files hostage, let alone move laterally across the network.

Have a Backup and Recovery Process

This is the most recommended technology practice to limit the blow of ransomware attacks. Conduct regular backups and store the backups offline. If an incident occurs, you'll be able to revert to the last clean system copy and return to something close to business as usual. Most of all, backups will serve as a firm deterrent to paying the attacker's ransom demands - and paying, by the way, never guarantees that the attacker will release control of your data anyway.

Now let's get going. We've got some homework to do!

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.


