The Education Sector has Major Target on Their Backs…
Ransomware has been targeting educational institutions throughout this year. In January, the Los Angeles Community College District was hit with ransomware, and paid the hackers $28,000 to decrypt their files. Months later, Dorchester School District Two was infected with ransomware, and paid $2,900 to get their files decrypted. In September, San Ysidro School District was infected with ransomware and chose not to pay the ransom. By November, J. Sterling Morton High School was infected as well, but did not pay the ransom.
Those are just four examples of ransomware that has specifically targeted educational institutions this year. However, to see a full list of ransomware attacks that have taken place in 2017, click here.
Cyber criminals are not just targeting U.S. educational institutions either. According to The Telegraph, private schools in the U.K. are also being targeted. Hackers are targeting these institutions because of the high term fees ranging from $5,000 to $13,000, coupled with poor cyber security. The hackers hopes are to intercept the term payments so they receive them, instead of the school.
According to Dodi Glenn, Vice President of Cyber Security for PC Matic, there are three reasons hackers are targeting the education sector worldwide. Dodi states,
“First of all, it’s easy because students lack awareness of today’s cyber security threats. Students receive school emails and aren’t aware of the repercussions of opening an attachment. If the hacker can get them to infect a network, then they win.
Secondly, schools don’t secure their networks as well as they should. I’ve seen free anti-virus deployed at schools in the past. They don’t always have the budget for cyber security products.
Lastly, cyber criminals use threats of violence, shaming, and bullying children as an effective way of getting school officials to pay the ransom. Educational institutions know parents would be in an uproar if their child was impacted by a breach, so they would rather pay the ransom than put children at risk.”
- Education students and staff on current cyber security threats
- Keep all operating systems and programs, including security solutions, up to date
- Implement application whitelisting technology
- Disable macros
- Ensure only the appropriate staff have administrative rights
- Do not share credentials
- Backup data in real-time
- Utilize multi-layer authentication