Students, teachers, and parents across the country have been forced to adapt to remote learning, which can be challenging for a lot of different reasons.
Students and teachers can have their connection interrupted during class, communicating essential topics and ideas is much harder, group projects are a mess. The list of things that can go wrong with remote learning goes on and on.
Now, an unusually large number of students and teachers must add another difficulty to the list: a ransomware attack.
The FBI, CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recently revealed that the number of ransomware incidents against K-12 districts increased dramatically at the beginning of fall 2020 classes.
And the MS-ISAC says K-12 school districts are now the most likely to suffer from and report a successful ransomware attack.
From January through July, 28% of ransomware incidents involved K-12 schools.
However, when schools began to start up again in August and September, that number rose to 57%, making K-12 districts the most likely entities in the United States to suffer from and report a ransomware attack.
The FBI, CISA, and MS-ISAC also revealed that many of these attacks are extortion based:
"In these attacks, malicious cyber actors target school computer systems, slowing access, and—in some instances—rendering the systems inaccessible for basic functions, including distance learning. Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen—and threatened to leak—confidential student data to the public unless institutions pay a ransom."
Now, let's look at some specifics.
The MS-ISAC also identified the five most common ransomware strains used to attack schools from January through September. These five strains are Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil.
Aside from ransomware, malware has also been a problem for K-12 schools. CISA has put together a chart which represents the ten most common malware strains that have affected state, local, tribal, and territorial (SLTT) educational institutions this year, Shlayer and ZeuS being the top two.
Though not as prevalent as ransomware and malware, there have been reports of DDoS attacks on schools, as well as video conference interruptions by cyber actors.
The FBI and CISA are encouraging schools to maintain business continuity plans to minimize interruptions due to a cyberattack. Without proper planning and preparation, schools may be unable to continue classes and administrative operations.
Here are some recommendations for best network practices:
The FBI and CISA suggest that by establishing security policies and plans, schools will be able to successfully address current threats posed by cyber actors.
And hopefully, that will reduce the chances of a ransomware attack making online learning even more difficult for your local schools.