If one thing is becoming clear with the increasing frequency of ransomware attacks, it’s that the perpetrators like to strike when a victim is at their most vulnerable point. The latest victim, Los Angeles Unified School District (LAUSD), fits the bill for an emerging trend for cyber criminals—hacking into school districts’ networks and holding the data ransom.
It’s pulled right out of the playbook of Sun Tzu’s The Art of War and its philosophy of winning without fighting—a strategy that aims to ruthlessly exploit an opponent’s weakness by striking their most vulnerable assets. It’s the same age-old script cyber criminals are rehearsing before they identify a target.
It could be a three-day weekend where the IT department had a well-deserved vacation planned. Or during a holiday break when staff was trying to spend time with family. But recently, cyber criminals have been preying on the weaknesses of school districts that are overwhelmed, underfunded, and often understaffed during the first few weeks of school.
The Trojan Horse can be as innocuous-looking as a phishing email. As soon as a faculty member or student clicks it, the ransomware is released and can infect the entire system.
The Latest Victim
Los Angeles Unified School District returned to school on August 15th, which was detailed in an announcement on the district website after the school board approved a new school calendar. Less than three weeks into the school year—during the Labor Day Weekend—a massive cyberattack shut down a number of the district’s systems. The same calendar announcement from the school board is no longer visible due to the cyberattack. Instead, visitors are welcomed by a message that reads “We’re experiencing a service outage with multiple applications.”
While Labor Day has traditionally commemorated the fight for fair working conditions in the 19th century, the three-day weekend has recently become a constant fight against cyberattacks that target schools large and small.
As the second-largest school district in the United States, Los Angeles Unified School District had more safeguards in place than most, but there were still vulnerabilities that allowed the ransomware to disable email, slow down or cripple systems used by students and staff, as well as shut down the district website.
While the school has not seen evidence of health information being accessed, the encryption used by the hackers will likely cover their tracks enough to make a precise determination of what information was accessed nearly impossible.
Why School Districts?
Simply put, school districts are treasure troves of data: faculty information, student transcripts, salary information, gradebooks, etc.
Without access to this data, schools cannot take attendance, log grades, onboard students, or post updates to their website—in other words, most operations are severely crippled. Because of this, that data is extremely valuable to the school, which provides enough motive for a hacker to hold it ransom.
Los Angeles Unified School District is just the latest in a long line of schools that have suffered from cyberattacks. Less than four months ago, a cyberattack completely shut down Lincoln College in Illinois—a school that had survived multiple World Wars, epidemics, a global pandemic and the Great Depression. They even paid the $100,000 ransom to the hackers to recover data, but needed an additional $50 million to continue operations.
A Growing Concern in Education
On Tuesday, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint announcement detailing their findings from cyber investigations.
“Over the past several years, the education sector, especially kindergarten through twelfth grade (K-12) institutions, have been a frequent target of ransomware attacks,” the release states.
“Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, cancelled school days, and unauthorized access to and theft of personal information regarding students and staff.”
The release goes on to state that “The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks. School districts with constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cyber criminals can still put school districts with robust cybersecurity programs at risk.”
The release closes with a recommendation: “The FBI, CISA, and the MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents.”
These recommendations include:
- Maintain offline backups of data
- Ensure all backup data is encrypted and immutable
- Review the security posture of third-party vendors and those interconnected with your organization
- Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs
- Document and monitor external remote connections
- Implement a recovery plan
While they don’t have a crystal ball, the FBI and CISA have released previous announcements warning of trends related to cyberattacks. Back in August of 2021, they released an announcement warning that they had “observed an increase in impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed.”
The announcement also goes on to state that “cyber criminals, however, may view holidays and weekends—especially holiday weekends—as attractive timeframes in which to target potential victims, including small and large businesses.”
What’s worse—cyber criminals appear to be evolving faster than the security measures in place to stop them. These mad scientists stop at nothing to evolve their tactics to be more sophisticated than the existing defenses.
Phishing emails are getting more sophisticated—often appearing to originate from trusted vendors.
Encryption skills are continuing to develop—making it harder to identify who was behind the attack and what data was compromised.
Additionally, many of the cyber criminals are members of international crime groups that are out of the reach of U.S. law enforcement.
In August of 2021, ZDNet performed a study that tracked more than 220 ransomware attacks—just targeting schools—all of which have occurred since 2018. There were 50 ransomware attacks on schools in 2020 alone, plus an additional 62 in 2021, according to an annual report from the K12 Security Information Exchange. Ransomware is now the most common form of cyberattack targeting schools, accounting for more than a third of the attacks targeting K-12 schools.
Is There a Solution for Ransomware?
It’s a question being asked by IT departments everywhere: How do we best protect our file server data from these types of attacks?
Jesse Charfauros, Founder and CEO of restorVault, explains how restorVault can protect your data by offloading it from primary servers, making that data impervious to ransomware.
“By offloading inactive data from primary servers, an organization can reduce the amount of data that can be attacked with ransomware—all while improving server performance and extending its server storage lifespan,” said Charfauros.
It’s really not a matter of if anymore, just when. Cyber criminals are constantly searching for vulnerabilities that would allow them to encrypt data and hold it ransom.
Do you have the proper safeguards in place? It’s all but a foregone conclusion that a cyberattack will target another educational institution in the coming weeks. Wouldn’t it be nice to go into winter break without worrying about the consequences of a massive cyberattack while staff is on holiday?
Western Integrated Systems has been a trusted provider of digital transformation solutions for more than 40 years. Let us work with your school to implement a solution that will safeguard your data so your faculty can focus on providing the best educational experience possible for your students.