TASB Risk Management Fund

Pulling Back the Curtain on the Big Business of Ransomware

January 24, 2019 Jessica Clark

The day started like any other. Staff arrived at school and prepared for the business of educating young minds. But when they tried to log into their computers, they realized someone had arrived long before them, wrapped up their own business, locked the computers, and left an ominous message behind:

“The files on this computer have been encrypted. You have seven days to submit payment via bitcoin or all files will be permanently deleted.”

Sheer havoc

This real story is an example of ransomware, a type of malware. Ransomware locks, or “encrypts,” your computer systems, files, or data, or steals your data and holds it for ransom. Once this occurs, no security software or system can restore or return it. In many cases, paying the ransom is the only way to open the lock and avoid losing everything.

Ransomware attacks have the power to wreak sheer havoc on everything from global organizations to school districts right here in Texas. If criminals get their hands on your transcripts, records, curriculum plans, or other data, you could be forced to halt operations or shut down abruptly, or even deal with the repercussions of a data breach in the event the data is stolen. The consequences can be even more devastating if criminals are able to gain access to your back-ups, which unfortunately happens frequently.

Stealing the crown jewels

It is not uncommon for schools to lack security detection technology to prevent and expose network intruders. Without this technology, there’s no way to know the criminals have made their way into your network. The longer intruders spend inside your systems with unrestricted access to your data, the more time they have to gain access to and lock up your only alternative to paying their ransom: your back-ups.

Think of it as the technical equivalent to a fine-jewelry store with no alarm system, cameras, or security guard. The thief throws a rock through the front window, goes in, and helps himself to everything in the front of the store. Unconcerned about being detected, he makes his way to the back of the store. That’s where he finds a small safe hidden behind a secret wall. The criminal cracks the code, and takes off with the crown, leaving the jeweler with nothing.

Money for nothing?

In the event of a ransomware attack where criminals are also able to obtain your back-ups, you could face the difficult choice of paying the ransom or losing everything, which would result in a catastrophe. The FBI has stated that they do not support paying a ransom for a number of good reasons. Paying doesn’t guarantee criminals will hold up their end of the agreement. In fact, they might demand more money or never return the files at all. There’s also no guarantee everything will be returned to working order.

Whether to pay a ransom is a serious decision that should be guided by someone with cybersecurity expertise. Another concern is that you will be known to pay, and once money is exchanged, the criminals could continue to target your organization. When criminals receive payment, they are only fueled by their success. This means they’re also likely to target other schools, creating a domino effect that impacts the ability of all public schools to serve Texas school children.

Prepare for ransomware

In today’s cyberthreat landscape, it’s a matter of when, not if, cybercriminals will target your district. As the old saying goes, failure to prepare is preparing to fail.

Here are four things you can do to protect your systems, data and files from being victimized by ransomware:

  1. Invest in back-ups now or bitcoins later
    Designate a separate server that’s secured with high-level encryption and protected with multi-factor authentication. Ensure the server is backed up daily. As an alternative, more cost-effective option, regularly back up to an external hard drive and physically disconnect it afterward.

  2. Take the road to resilience
    Cyberthreats are not new. If you haven’t allocated budget for cybersecurity, you’re behind. Adopting new technology without considering security and privacy implications only increases cyber risks and makes them more difficult to manage in the future. Remember, anything that connects to the Internet is hackable. To tackle cybersecurity risk, it’s essential to create a comprehensive program driven by a combination of people, processes, and technology. Consider investing in the following specialized tools and resources:

    • Technical security solutions, including real-time alerting mechanisms, such as network intrusion detection systems (IDS) and network intrusion prevention systems (IPS), are designed to “catch” attackers who access the school network before they have the chance to steal files, hold back-ups hostage, and put your district in a bind. You should also consider investing in anti-exploit technology, which is an additional security layer that blocks common attacker techniques. Anti-exploit technology can be installed on individual computers to protect software commonly targeted by attackers, such as Adobe PDF Reader and Microsoft Office. Web browsers such as Firefox and Chrome, and their plugins such as Flash and Silverlight, which are thought to be vulnerable, can also be protected.

    • Qualified cybersecurity professionals, including network security engineers, information security managers, cyberthreat analysts, and security architects, have specialized skillsets that can help districts strengthen technical defenses, build detection capabilities, and develop response procedures to properly investigate cyber incidents and limit their severity.

  3. Remember: an update today keeps attacks at bay
    Ransomware attacks frequently take advantage of software vulnerabilities. That is why technology companies regularly send patches to update and “fix” these software security loopholes. Many users, such as central office staff and school faculty, do not install the updates regularly, which opens district computers and systems to attack.

  4. Train your staff
    Phishing emails and other forms of social engineering are among the most common ways computers are infected with ransomware. Train yourself and all staff to recognize phishing campaigns and suspicious websites. Staff should also learn to avoid surfing the web on school-provided devices and engaging in other behaviors that can open the door to ransomware attacks.

The Fund is here for our members

The TASB Risk Management Fund (Fund) is here to help protect our members from cyberattacks. Fund members in the Property and Liability program benefit from Privacy & Information Security coverage. Members should work with Fund vendors on response and recovery. Members that suspect they have been targeted by cybercriminals should call us immediately at 855.295.8344 and report a claim.
