Ransomware Attack: Cybercriminals Hit California School District

Another school district – California’s San Bernardino City Unified – affected by ransomware in its computer network & servers

Cybercriminals have been doing a sweep across varies US cities and states, including schools in numerous ransomware attacks. San Bernardino City Unified School District (SBCUSD) is the latest to be impacted when ransomware struck the districts computer servers and blocked access to district files. Staff still are not able to access those servers. Ransomware attacks on schools have been increasingly sharply this year.

A local newspaper, the San Bernardino Sun, reported on the attack after SBCUSD IT staff informed law enforcement that they had been attacked. Even though the district network is affected, SBCUSD student and parent data is reportedly safe from the attack, as are other information systems such as transportation departments and nutrition services.

Without normal computer functions, student attendance is being tracked manually since the ransomware attack. Office phones are functioning but email for teachers and staff is not.

How Many School Districts Are Being Targeted by Ransomware?

According to cybersecurity research firms, 62 school districts have suffered ransomware attacks, affecting over 500 schools so far this year. This includes campuses of all sizes and college campuses as well.

Some of those attacks include one on the Rockville Centre school district in New York which paid $100K to get their data back after being hit by the 'Ryuk' ransomware in July. The payment was covered by cyberinsurance, paid to restore communications and some data. Other data was backed up.

Additional ransomware attacks on schools include:

In Kentucky, the Scott County School District lost $3.7 million via a phishing scam. They later recovered the funds.

The Unified School District in Flagstaff Arizona had to close 15 schools for two days after a ransomware strike.

In Dothan, Alabama, Houston County had their data held hostage by a ransomware attack. The school had to move their first day of school out 5 days.

Several Louisiana schools were also hit by malware across three districts, prompting the governor to declare a statewide emergency.

Connecticut had seven districts struck this year, putting them in the lead for the state most compromised so far.

Other states that have had districts affected by ransomware include Florida, Georgia, Illinois, Missouri, Nebraska, Ohio, Oklahoma, Pennsylvania (3 times), and Washington.

Ransomware Methods and Means

Phishing techniques remain common methods of attacking schools through its users, as well as remote desktop protocol (RDP) attacks targeting its computer systems. Antivirus and antimalware software isn’t effective against these any of these kinds of attacks. Schools can be easy targets because their budgets are often stretched thin and cybersecurity or IT staff may not have big funding. And they are valuable targets because of all the personal information held in school files, about students, families, finances, operations and more. Ransomware malware locks users out of their computers and servers by encrypting the files. Even without a lot of resources, schools do their utmost to protect and recover stolen data. Some campuses have purchased cyber insurance to assist them in this.

Steps to Keeping Ransomware Away from Your School

Educate Students and Staff

  • Protect the Wi-Fi network: In this time where everyone has their own devices, faculty, staff and students alike, due diligence in use of these devices is essential. One careless click can infect a device or an entire network in a moment.
  • Filter risky and suspicious sites: Many products are available for schools to filter content, websites and applications on campuses, both for student and network safety.
  • Conduct training: Schools should provide classes – physical and online – to educate the school on cyber awareness. Inform students and staff on how to detect tricks and be safer online.
  • Utilize strong passwords and authentication where applicable: Ensure those logging into school networks are who you think they are. Enforce the use of strong passwords that can’t easily be guessed by persons or machines.
  • Plan for the worst - implement reliable backup and disaster recover systems: All data needs to be protected against the unthinkable – whether it be a cyber attack, a flood or an earthquake.
  • Implement layered and reliable security solutions that can block ransomware in its tracks. Firewalls, intrusion detection systems and more can be effective for providing some malware prevention defenses. But many solutions cannot stop ransomware and zero-day attacks. See next section below for more.

Seek Legal Remedies and Government Professional Assistance

In addition to schools being under these attacks, other municipalities and city government entities have also suffered the same experience. This has gotten attention from the federal government.  The US Senate recently passed the DHS Cyber Hunt and Incident Response Teams Act.

The bill is intended to create incident response teams to help private and public entities defend against cyber-attacks, such as ransomware attacks. The bill previously passed the House floor and is expected to be signed into law soon.

Two other laws, the Public-Private Cybersecurity Cooperation Act and the Hack Department of Homeland Security (DHS), part of packaged bills, were signed into law on December 21, 2018.

These laws are intended to provide services that help operators identify and mitigate risks, recover from cyber events and the like.

Virsec Provides a Unique and Effective Remedy for Ransomware

Virsec takes a unique approach to guard-railing your applications and countering a broad spectrum of cyber attacks, including ransomware attacks.

Virsec stops remote hacking attempts, malicious code injection, memory-based fileless attacks on data and functions, and malware attacks like WannaCry, LockerGoga, Industroyer and more. Virsec blocks these attacks in milliseconds before the threats metastasize, and before automated operations and control is disrupted.

Only Virsec Security Platform Delivers:

  • Protection of application workflows, processes, file systems, libraries, memory and more at runtime
  • Precise attack remediation and automation early in the attack cycle without need for expert analysis or machine learning
  • Deterministic threat detection based on request deviations initiated by malicious code, remote hackers, files and trusted processes no matter how attacks originate.

Data breaches and ransomware attacks are the among the biggest threats against organizations today.

Our demo shows a multi-step ransomware attack in action using advanced hacking tools. See how Virsec security platform can instantly spot this attack at every stage and stop it. If you are interested in partnering with Virsec, we invite you to consider doing so – before you may face the unfortunate situation of a ransom demand or if you are in the process of recovering.

Further resources:

Ransomware Attacks Rising Against Many Cities, Striking Local Governments & School Campuses

Campus Life Security story: Why School Systems Have Become Major Targets for Cyberattackers

Virsec Ransomware Demo


Sources: ???