K-12 ransomware attacks are on the rise. Here’s how to prevent them

School district networks have become the No. 1 target for ransomware attacks in the United States, according to a report from the FBI and other security agencies — with hackers exploiting the move to remote learning during the pandemic to cause significant disruptions. The report reveals how critical it is for K-12 school systems to have strong safeguards in place to protect their networks from ransomware and other malicious attacks.

As THE Journal reports, 57 percent of all ransomware attacks reported in August and September 2020 targeted K-12 school systems. That’s double the percentage for the period from January through July.

Ransomware is a type of malware in which the hacker gains access to the victim’s computer systems and holds them for ransom. The attackers demand money or else they’ll disable the computer systems they’ve gained control over or release personal data they’ve stolen — typically private student data in the case of K-12 ransomware attacks.

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Multi-State Information Sharing and Analysis Center “have received numerous reports of ransomware attacks against K-12 educational institutions,” their joint report says. “In these attacks, malicious cyber actors target school computer systems, slowing access and in some instances rendering the systems inaccessible for basic functions, including distance learning. Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen — and threatened to leak — confidential student data to the public unless institutions pay a ransom.”

In October, a Mississippi school system paid a company $300,000 to help recover data that had been captured in a ransomware attack, StateScoop reports. In July, the Athens, Texas, school system paid a $50,000 ransom to prevent its data from being leaked online. Not only are ransomware attacks costly from a financial perspective, but they’re proving to be extremely disruptive to teaching and learning — especially during the pandemic.

Ransomware attacks often occur when a student or school employee falls for a phishing scam (that is, he or she clicks on a malicious link disguised to look legitimate) or when a hacker exploits an unpatched vulnerability in a remote-access protocol. The shift to online learning during the COVID-19 pandemic has magnified the threat by increasing the opportunity for hackers to target school networks.

The first steps in safeguarding school networks from ransomware attacks are the same as they are for protecting against other forms of cyber attacks: Keep all networked computer systems up to date with the latest security patches and educate both students and employees about cyber security best practices — including how to choose secure passwords and how to recognize potential phishing scams.

School systems also need robust defenses against ransomware attacks and other malware. ContentKeeper’s industry-leading school web filter is one such defense.

A secure, cloud-based system that gives students the same protection and administrators the same comprehensive visibility and control whether students are learning inside or outside of school, regardless of what device or web browser they’re using, ContentKeeper blocks all known forms of malware.

The system also can be configured to block IP addresses linking to unknown locations and web domains that are new or very recent, which protects against newly emerging threats. In addition, ContentKeeper’s App Defender feature blocks more than 90 suspicious apps and protocols that are commonly used to circumvent web filters or surf the web anonymously. When students do this, they’re essentially poking a hole in your network that hackers can use to launch a ransomware attack or introduce other malware.

You can learn more about how ContentKeeper protects both students and K-12 networks here. And for more advice in combatting ransomware, check out the K12 Cybersecurity Center’s list of security resources — which include “Ransomware Reference Materials for K-12” from CISA.


About the Author: David Wigley Co-Founded ContentKeeper Technologies in 1997 and serves as its Chief Executive Officer. David has many years of experience in software engineering, sales and management within the Computer Security Industry.