Blogs & Stories

Trustwave Blog

The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices.

The Cliffs Notes Version to Addressing the Ransomware Threat at Schools

It's back to school time: for teachers, students…and cybercriminals.

While pupils will be back churning out papers and cramming for exams, IT personnel working at K-12 schools, as well as colleges and universities, face their own stern assignment: fighting off the wrath of cybercriminals.

One threat in particular - ransomware - has moved to the forefront across all sectors, including education.

Last fall, the U.S. Department of Education warned of a spike in cyber extortion threats. And earlier this year, the FBI issued an alert about an active campaign targeting schools that involved a malicious hacker group stealing sensitive data records and threatening to make them public unless a payment was made.

An abundance of unsecured endpoints connecting to the web (especially a problem on college campuses) and large amounts of sensitive data being stored on devices and across networks - combined with lenient policies and limited security skills and budget in the IT department - make schools a ripe target for digital attacks, including ransomware.

If you're unfamiliar with dealing with the ransomware threat - and that's okay if you are because it is a tough one to defend against - here is a freshman orientation, of sorts, on how to help prevent, detect and respond to this continuing risk. The advice can also extend to other types of cyberattacks.

Assess Your Risks and Prepare for an Incident

In the same way that students don't (usually) just wing a test without studying and expect to ace it, you need to come prepared and take the fight to your adversaries. That means assessing your risk (and that of your suppliers), knowing where your data lives, establishing visibility on your network and having an incident response plan in place.

Identify Vulnerabilities and Patch

Cybercriminals often turn to software weaknesses to distribute ransomware through phishing emails and exploit kits, so you should operate a vulnerability program that emphasizes discovery (scanning and penetration testing) and prioritizes patching.

Educate the User Population

Students and staff are typically the ones who will invite in ransomware; as such, policies and enforcement regarding equipment usage and access controls are necessary. Exercises like phishing simulations are effective, but be careful not to just ram rules and education down your user base's throats. Learn about them and their tendencies - and give them "responsible, honest and compassionate advice." The ultimate goal is to build a culture of security, where data safety hygiene is inherent to all digital activities.

Deploy Endpoint Defenses

Since most attacks begin when a single computer is compromised, endpoint protection is worth embracing. Consider moving beyond traditional anti-virus and intrusion prevention systems to also include suspicious activity monitoring and response capabilities - all of which can help limit the extent of an incident and prevent a future one from occurring. Most good endpoint detection and response (EDR) products identify ransomware immediately, based on the combination of malicious behaviors it exhibits, and suspends the encryption process before it can hold files hostages, let alone move laterally across the network.

Have a Back Up and Recovery Process

This is the most recommended technology practice to limit the blow of ransomware attacks. Conduct regular backups and store the backups offline. If an incident occurs, you'll be able to revert to the last clean system copy and return closely to business as usual. Most of all, backups will serve as a firm deterrent to paying the attacker's ransom demands - which, by the way, never guarantees that they will release control of your data anyway.

Now let's get going. We've got some homework to do!

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.