As seen on eSchool News

Beware of ransomware: Here’s how to protect your district

3 important steps and some free resources to help prevent cyber-abuse

By Sam Curry
chief security officer, Cybereason July 12th, 2018

A new, disturbing pattern has cropped back up that is reminiscent of some nasty behavior from the early days of Internet nefarious exploits: targeting schools and students and the innocent. Ransomware attacks have been making headlines in recent months—particularly as a threat to K-12. Both Roseburg (OR )Public Schools and Leominster (MA) Public Schools were two of the latest victims of cyber-abuse.

A history of hacking
21 years ago, I got a call at my first internet security startup company (Signal 9 Solutions, later acquired by McAfee) asking for help; a woman’s son had cognitive challenges and disabilities, and she thought he was the victim of hacking. She had seen a news piece about cyberhacking, and she thought this might be a case.

At the time, we focused on enterprise sales and cryptographic solutions, but we had accidentally invented the personal firewall for telecommuting, put a beta version of this new standalone personal firewall on our website, and started a forum talking about it.

I decided to look into it, and I’m glad I did. Not only did I find some great people and ultimately help a lot of them, but I also found a nasty training ground for hackers cutting their teeth. In those days, there was a tacit credo among those of us who knew how to hack: We didn’t go after bystanders or those who didn’t know what they were doing. Even in those days, nation states and criminals were doing bad things online, but amongst most of us the creed was important. Harry Potter wasn’t a thing then, but the message today would translate as “Don’t use magic to harm muggles.”

And sure enough, that’s what we found: silent victims who couldn’t speak for themselves or understand why a computer was behaving so unpredictably. Script kiddies and wannabe hackers were plying their trade in the least risky and most vile of places.

And this continues today.

The current state of hacking
Recently, there has been a rash of attacks on K-12. The reasons are simple and straightforward. These are not attacks for big dollars, generally, because most students and most schools don’t have much money. Sometimes, it’s attempted identity theft, pedophiles, or trolling. Sometimes it’s even accidental (a school or student group is targeted as an afterthought).

And sometimes it’s the old specter of cowardly script kiddies and wannabes looking to test out their infrastructure, malware, or scheme somewhere that can’t defend itself or even draw much attention.

How to protect yourself
There are some critical things all institutions should do, even with limited resources. Naturally budget and talent are questions, and there are some cool new initiatives and companies like Sightline Security, an organization missioned to help non-profit organizations identify, measure, prioritize, and improve their current state of information security, but it doesn’t take a security department to start building resilience and hardening systems and services.

1. First, look to prevention.
The best health is the ability to bounce back with as little downtime as possible, and the ability to do backups and to verify recovery and restoration is important. Drill the basics into employees by sharing advice in meetings, such as “don’t download software from dubious sources” and “don’t open email attachments that you aren’t expecting.” Lastly, there are free ransomware-protection tools like Cybereason’s RansomFree or Trend Micro’s Ransom Buster.

2. Next, get to know some of the local security community.
Ask people from local meetups, regional vendors, ISACA, or law enforcement to come and have a chat. Critically, know who you will call for help when things go wrong or there is an attack.

3. Finally, immediately isolate infected machines to minimize additional files and shared folder encryption.
The presence of malware can indicate a deeper presence, so don’t allow malware to get communications or updates. Take it offline and notify all users to be cautious.

I hope the horrors of the past go by the wayside and don’t rear up again. I don’t advocate vigilantism or hack-back in any way, but I do hope that those who intentionally target K-12 get a special kind of karmic payback. The best way to not be an accidental victim is to realize that we in the security community are here to help even for (and perhaps especially for) those who don’t have the budgets and departments to get help from anyone else.

About the Author:

Sam Curry, chief security officer of Cybereason, is an IT security visionary with over 20 years of IT security industry experience. Curry served as chief technology and security officer at Arbor Networks, where he was responsible for the development and implementation of Arbor’s technology, security, and innovation roadmap. Previously, he spent more than seven years at RSA (the Security Division of EMC) in a variety of senior management positions, including chief strategy officer and chief technologist and senior vice president of product management and product marketing.

eSchool Media uses cookies to improve your experience. Visit our Privacy Policy for more information.

Looking for some help?

Would you like to have an eSchool Media team member contact you?

Leave your details for more information