As we dive into the crucial subject of preparing our schools for the growing threat of ransomware attacks, we will be discussing the following topics:

• What are cyber attacks
• What would an attack look like
• What can cyber attacks do
• Trends in local attacks
• How to improve your cyber security

By addressing these essential aspects, educational institutions can better equip themselves to counteract potential cyber threats, ensuring the protection of sensitive information and maintaining a safe learning environment for students and staff alike.

What are cyber attacks?

Before diving in, let’s define a few baseline terms 

Cyber Attack

A cyber attack can be defined as a malicious attempt to breach, steal, damage, or manipulate the digital infrastructure, sensitive information, or computer systems of an individual, organization, or network. Cyber attackers typically exploit vulnerabilities in software, hardware, or human behavior to gain unauthorized access to digital resources, with the intent to cause harm, disrupt operations, or profit from stolen data.

Ransomware

Ransomware, a specific type of cyber attack, involves the deployment of malicious software that encrypts an organization's critical data or system files. Upon successful encryption, the cybercriminals behind the attack demand a ransom, typically in the form of cryptocurrency, in exchange for the decryption key required to restore access to the compromised data. Ransomware attacks can be particularly devastating for public schools and other institutions, as they often lead to significant disruptions in daily operations and can result in the loss of sensitive information if the ransom is not paid or the encrypted data cannot be recovered.

What would a cyber attack look like?

Some of the more popular attack styles

Phishing Attack

In this type of cyber attack, cybercriminals craft deceptive emails or messages designed to appear as though they originate from a trusted source, such as a bank, a government institution, or a colleague. These messages typically entice the recipient to click on a malicious link or download an infected attachment, which can compromise their device or lead to the theft of sensitive information, such as login credentials or personal data.

Ransomware Attack

As previously mentioned, ransomware attacks involve encrypting an organization's data or system files, rendering them inaccessible until a ransom is paid. The cybercriminals behind these attacks often infiltrate the target's network through various means, such as phishing emails or exploiting unpatched software vulnerabilities. Once the ransomware is deployed, it rapidly encrypts files or entire systems, followed by the presentation of a ransom demand, often accompanied by a countdown timer to pressure the victim into paying the ransom.

Distributed Denial of Service (DDoS) Attack

In a DDoS attack, cybercriminals aim to overwhelm a targeted website, server, or network with a massive volume of traffic, rendering it unable to function or respond to legitimate requests. This type of cyber attack is typically carried out using a network of compromised devices, known as a botnet. The sheer volume of traffic generated by the botnet effectively disrupts the target's services, causing downtime and potentially significant financial and reputational damage.

• Steal personal and financial data, leading to identity theft or fraudulent transactions.
• Leak confidential business information, damaging a company's reputation and competitiveness.
• Sabotage industrial control systems, resulting in physical damage or hazardous incidents.
• Compromise social media accounts, allowing attackers to spread misinformation or manipulate public opinion.
• Manipulate online voting systems, undermining the integrity of democratic processes.
• Hijack computer resources for cryptocurrency mining, causing system slowdowns and increased energy costs.
• Block access to educational resources or online classes, hampering students' learning and progress.
  

Are cyber attacks on the rise?

Yes

Why go after schools?

Increasingly, public schools are becoming the targets of ransomware attacks. The reasons for this are twofold: Firstly, public school systems hold troves of sensitive information, including financial records, identity information, and psychological assessments of minors, which cybercriminals attempt to leverage in exchange for significant sums of money. Second, public schools often have relatively weak cybersecurity posture when compared to other potential targets of ransomware, such as banks or private businesses. 

In 2022 alone, there were 288 cyberattacks on US school systems, 7 of which occurred in Minnesota. Because there aren’t strong legal requirements governing the reporting of cyberattacks in Minnesota, the actual number of cyberattacks is likely significantly higher than this. So far in 2023, two significant ransomware attacks have already targeted Minnesota’s public school systems: an attack on Minneapolis public schools which occurred on February 18th, 2023, and another on Rochester public schools which occurred on April 6th, 2023. 

Minneapolis School Attack

In Minneapolis, a hacker group known as “The Medusa Media Team” conducted a double-extortion ransom attack against the school district; both encrypting the school system’s data and locking users out, as well as threatening to publicly leak said data if a million dollar ransom wasn’t paid. This ransom operated on a first-come-first-served basis, allowing any interested third party to purchase the data for $1 million prior to the school district. Public school officials chose not to pay the ransom, leading to student and staff data, including student and staff members’ email and home addresses, being leaked online. While classes have since resumed, the Minneapolis school district will continue to feel the fallout of this attack for some time, with upset parents and staff members leading to a difficult PR situation and questions of legal liability. 

Rochester School Attack

In Rochester, it was confirmed that an outside actor gained access to the school system’s private data on April 6th, 2023. This event fits the pattern seen in the recent Minneapolis public school ransom attack, according to Doug Levin, director of the K-12 Security Information Exchange. The attack resulted in significant missed class time, and classes were resumed without internet access following the breach. As of April 18th, almost two weeks after the attack, Rochester public schools are still unable to access their Google Workspace applications. 

How to improve cyber security

Thankfully, the dangers public school systems are facing are starting to gain more recognition, with the Minnesota House proposing an education bill providing for $35 million in grants for public schools to improve their physical and cyber security systems. In the meantime, cybercriminals pose a constant threat, with the increase in ransom attacks making it more difficult and more expensive than it’s ever been to secure cyber insurance. The good news is there are steps school systems can take now to make a successful ransom attack significantly less likely, while simultaneously making it easier and cheaper for them to secure cyber insurance coverage. 

While it will never be possible to completely rule out the possibility of a cyberattack, there are ways to make it significantly less likely to happen, and significantly less damaging should an attack occur.

A few steps to consider:

• Set up proper email security
• Use security keys as your 2FA method to prevent phishing
• Employ enterprise-grade endpoint protection
• Implement a proper backup system

These steps go a long way in protecting an organization, and are extremely cost-effective compared to the consequences of a ransom attack. Moreover, in the unfortunate event that a successful ransom attack should occur, having taken all the necessary precautions goes a long way in determining an organization’s liability in a court of law. 

So now that you have a better understanding of how to prepare for a cyber attack, what is your next step? If you work in education and are interested in bolstering your cybersecurity posture, we encourage you to reach out to us to us to start a conversation about how we can help you mitigate the risks of cyber attacks.