|
|
Credit: The K-12 Cybersecurity Resource Center
Education Dive
Recent school ransomware attacks highlight need for ongoing vigilance
Naaz Modan
Jan. 3, 2020
In a routine cleanup over the holiday break, the IT department in
Michigan’s Richmond Community Schools "noticed something unusual” with
the district’s computers. It was a ransomware attack — something
districts are becoming all too familiar with.
"Immediately, they shut down the portal where [the virus] had entered
the system, shut down other servers that we believe have not yet been
infected, and disconnected the internet," Superintendent Brian Walmsley
said. "We tried to preserve what was still good and spent the weekend
trying to figure out how big the problem was."
While the district confirmed no student or staff information was
breached, the ransomware virus impacted several district servers and
"affected critical operating systems" including heating, telephones and
classroom technology.
The attack mostly infected teachers' saved files, such as curriculum
plans and textbook chapters, Walmsley said, and its source demanded
$10,000, which the district refused to pay.
Thanks to a daily backup housed in a separate building that was
"disconnected immediately" after discovery of the attack, the district
restored phones, operating systems in the classrooms and the internet.
Restoring teachers' files "will come at a later date," Walmsley said,
noting the district is "trying to make sure that we don't reinfect the
systems."
Schools are expected to reopen Monday after an extended closure following the break.
How to protect against cyberattacks
While the district in this incident ensures no student or staff data —
stored in a separate county-level building — has been compromised, K-12
cybersecurity expert Doug Levin said in most cases "it can be very
difficult to know whether or not there has been a data breach."
According to Levin, Richmond Community Schools' attack is one of 746
publicly disclosed incidents targeting schools since 2016, a number
that has climbed significantly from 408 around this time last year and
has affected both large urban districts and smaller rural schools.
Washington’s Issaquah School District 411 also reported a malware
attack this week.
As more schools incorporate technology in the classroom, and depend on
it for everyday functions like payroll and heating and cooling,
potential vulnerability for attacks increases.
"School leaders need to weigh the potential benefits of technology with
the potential risks that they introduce, among those are cybersecurity
risks," Levin said. "And they need to have a plan in place to manage
these risks."
This could include keeping a cybersecurity insurance policy or regularly auditing.
Walmsley said in his district's case, it could've been as simple as
regularly changing and strengthening passwords, something Levin agrees
can mitigate risk.
|
|
|
|
