Every day, school systems face attacks that could debilitate them and, even worse, compromise student data. A new method of attack called Ransomware is becoming an increasingly popular way for cyber criminals to extort money from companies, school districts and individuals alike. It exploits system and user vulnerabilities to hijack your computer or files for ransom.

Ransomware does not steal your data, but instead locks your data through unbreakable encryption until a ransom is paid. The criminals demand the ransom in return for the encryption key, which is created uniquely for your machine and files. The encryption key enables the victim to unlock the files and regain access to the data or computer. In other words, that encryption key will only work on that particular machine. It is a very sophisticated process that can happen quickly and go unnoticed until it is too late. Regrettably, several school districts have already fallen victim to this digital crime, with mixed results. Some districts were able to recover their files from backup with minimal data loss without paying the ransom; others were not so lucky and lost the data, the ransom or both.

The encrypted files can essentially be considered damaged beyond repair. Typically, the victim is left with limited options: either pay the ransom or lose the data. Clearly, this is a bad situation to be in if you are not properly prepared. If you are properly prepared, however, it is really nothing more than an annoyance.

The best cure for Ransomware is diligent prevention. Once you are infected, your options may be limited, expensive and unpleasant. Therefore, a well thought-out process of ensuring data safety and maintaining safeguards will go a long way toward preparing you to combat this threat.

The EVSC Office of Technology is doing its part by blocking certain types of email attachments at the mail server level. We also strive to keep our anti-virus and firewall up to date. The following safeguards and security measures are also necessary to prevent Ransomware from ever causing havoc in our organization:

  1. Keep Computers And Software Up To Date: This includes the browser and all of the plug-ins that a modern browser typically uses. One of the most common infection pathways is malware that exploits a software vulnerability. Keeping software up to date helps minimize the likelihood that your system has an exposed vulnerability on it. To ensure your EVSC computer stays up to date with all the latest security updates, RESTART your computer AND browser program at least once a week. Updates are downloaded automatically and are installed after you restart them.
  2. Have A Robust Backup Plan: The single most important action you can take to deal with Ransomware effectively is having a good backup of your data. Recovering your locked files from backup could be the only option you have. Make sure that you have a verifiable and diversified backup process. Verify your backups and ensure that there is no single point of failure in your backup process. Having your Human Resources, SIS or Financial data locked can lead to a catastrophic situation for the whole organization. The Office of Technology backs up shared files to an offsite location. It is the end user's (teacher/staff/student) responsibility to back up local data off-network to a pen drive, external USB hard drive, or a cloud solution such as Google Drive or Dropbox.
  3. User Awareness: Almost all Ransomware is known to spread via emails that contain attachments. Do not click on anything that may look suspicious, even if it comes from a familiar source. Pay special attention to attachments with double extensions such as filename.pdf.exe. In most cases the .exe is hidden, showing only the .pdf. This is a common practice by criminals to trick users into believing the attachment is nothing more than a .pdf file when in fact it is an executable file. Treat all files with more than one extension at the end with great suspicion and avoid them.
  4. Restrict The Use Of Your Devices To Only Authorized People: In an office environment, keep computers locked down so others cannot use them for a quick Web search when you are away. Use strong passwords, and use a unique password for each account, to reduce the potential risk.
  5. What Do I Do If It Happens To Me? If your EVSC computer has been compromised because of Ransomware, do not take it upon yourself to deal with the situation. Please contact your building tech or call the Office of Technology at (812) 435-8454.
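
The double-extension check from item 3 can also be automated, for example when reviewing a list of attachment names from a mail log. The following is an added example, not code used by the Office of Technology; the extension lists, the category names and the sample file names are assumptions constructed for illustration.

```python
import os

# Assumed extension lists for illustration; adjust them to your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# Well-known legitimate double extensions that should not raise an alert.
BENIGN_PAIRS = {(".tar", ".gz")}


def classify_attachment(filename):
    """Classify an attachment name by its last two extensions.

    Returns 'disguised-executable' (e.g. filename.pdf.exe), 'executable',
    'multiple-extensions' or 'ok'.
    """
    name = filename.strip().lower()          # extensions are case-insensitive
    stem, last = os.path.splitext(name)      # 'a.pdf.exe' -> ('a.pdf', '.exe')
    _, previous = os.path.splitext(stem)     # 'a.pdf'     -> ('a', '.pdf')

    if last in EXECUTABLE_EXTS:
        # A document-looking extension in front of the real one is the
        # disguise described in item 3.
        if previous in DOCUMENT_EXTS:
            return "disguised-executable"
        return "executable"
    if previous and (previous, last) not in BENIGN_PAIRS:
        return "multiple-extensions"         # treat with suspicion
    return "ok"


def flag_attachments(filenames):
    """Return {filename: category} for every name that is not 'ok'."""
    results = {name: classify_attachment(name) for name in filenames}
    return {name: cat for name, cat in results.items() if cat != "ok"}


if __name__ == "__main__":
    # Constructed sample names, not taken from a real incident.
    sample = ["Invoice.PDF.exe", "syllabus.pdf", "backup.tar.gz",
              "grades.final.xlsx", "setup.exe"]
    for name, category in flag_attachments(sample).items():
        print(f"{category:22} {name}")
```

A name such as grades.final.xlsx is reported only as having multiple extensions, so a person still decides whether it is legitimate.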
