Three keys to preventing ransomware in K-12 schools
The number of ransomware attacks against K-12 networks continues to rise, and for the first time ever, ransomware was the most common type of cybersecurity incident targeting school districts last year, according to the K12 Security Information Exchange.
Ransomware attacks involve malware that encrypts important files on a victim’s computer or network and holds them for ransom. Most recently, the Los Angeles Unified School District (LAUSD)—the nation’s second-largest K-12 school system—was victimized by a high-profile ransomware attack reportedly involving 500 GB of data. But even small schools and districts are at risk; no school system is immune.
For districts that fall victim to an attack, the effects can be quite costly. Not only is ransomware growing in frequency, but attackers are also demanding larger and larger sums of money. Last year, hackers successfully breached the network of Broward County Public Schools in Florida and demanded a $40 million ransom. Although the district declined to pay, fully restoring a district’s network systems and data can cost a great deal of money.
Then, too, there’s the public relations hit that districts take. LAUSD also refused to pay the ransom, and in response, the attackers released students’ personal information online—including Social Security numbers.
In defending LAUSD’s decision not to pay the ransom, Superintendent Alberto Carvalho said: “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”
Fortunately, there are steps that all districts can take to protect their networks and reduce the risks of ransomware dramatically.
Preventing a ransomware attack requires a sound “Defense-in-Depth” strategy that uses multiple layers of security for comprehensive protection. Here are three critical elements that should be part of every school system’s approach.
The most common way for ransomware to infiltrate a school district’s network is when someone clicks on a malicious URL that directs them to a fraudulent web page. Instead of serving up information, the link downloads malware to the user’s computer or otherwise infects the network through a direct IP call. So, the first step in protecting against a ransomware attack is to use a web filtering solution that can block malicious, unknown and unmanaged URLs.
To protect against malicious URLs, an effective school web filter should extend protection to any browser used on any device, both on and off campus. It should also provide intelligent and seamless SSL inspection and decryption without overloading the network, as Google now estimates that 95 percent of its web traffic uses the Secure Sockets Layer (SSL) encryption protocol.
Students often try to use Virtual Private Networks (VPNs) or web proxies to circumvent their school’s web filter. Not only does this expose students to potentially harmful online content, but it creates another possible gateway for ransomware attacks to infiltrate the network.
A solution that blocks not just malicious and unknown URLs but also unwanted apps and protocols commonly used to get around the web filter provides yet another layer of defense. It prevents students from accessing high-risk sites or using programs to download potentially infected files.
Reporting and analytics
Aside from blocking suspicious apps and URLs, having full visibility into students’ web use in real time can help prevent ransomware. Visibility into live web traffic, complete with in-depth analytics and detailed reporting, can help K-12 IT staff instantly identify suspicious network activity and respond quickly to head off an attack in progress before it’s too late.
Combining multilayer threat protection with active network monitoring provides multiple defenses against ransomware and other attacks. ContentKeeper’s full-featured web filtering and security solution offers both within a single platform. It supports all devices and web browsers, playing a critical role in protecting K-12 networks from ransomware and other cyber threats.
Learn more about our solutions for K-12 education.
About the Author: Paul Hafen is an 20-year veteran in the Cybersecurity field. He’s co-founder of a security firm and has worked with hundreds of organizations on security projects. A blogger with an emphasis on malware and data loss topics, he researches and reports on the latest vulnerabilities and attacks for ContentKeeper.