Fraud Alert – Schools targeted with Ransomware

Originally posted on 23 January 2017

As I'm sure many of you will have seen, Action Fraud have published an alert after schools across the country have fallen victim to cyber criminals who have targeted schools in a widespread "ransomware" attack. Although it has so far predominantly been state schools who have been targeted in this particular attack, I wanted to make sure all my contacts at Independent Schools were aware of what is happening, and the best ways to mitigate the risk from these types of threats, as it seems that schools are the latest perceived "soft target" for these money making cyber criminals. 

For those who aren't aware, ransomware is a form of malicious software (malware), which effectively hijacks your school's data by encrypting it, rendering it unusable by staff and pupils. The cyber criminals then demand payment of a ransom in order to provide the security key needed to decrypt your data. In the recent attack on schools this ransom has been up to £8000, but can be even higher, with some UK organisations who experienced these type of attacks last year being presented with demands in excess of £35,000! 

Schools are not alone, as research conducted in June 2016 by Ostermann Research showed that 54% of organisations in the UK had experienced ransomware attacks during the previous 12 months, and, somewhat worryingly, 58% opted to pay the ransom, which would seem to suggest that the risks around such an attack had not been fully assessed or planned for, and contrasts sharply with data from the US where only 3% of victims paid the ransom. 

So what should Independent Schools be doing to protect themselves? 

Having good system backups, which are stored off-line so that they cannot also be encrypted, is, of course vital. But having to carry out a full scale disaster recovery of the school's ICT systems should really form the last line of defence. This is something I will talk about in future articles in more detail, but it is certainly not something to be undertaken lightly; it can be highly disruptive to the school's operations and indeed, without proper preparation, there is no guarantee of total success. 

Unfortunately there isn't a piece of software or a firewall rule that will completely stop these sorts of attacks. Prevention really requires a blend of policies, staff training, plans and technologies to form a cohesive defence strategy for the school. Some of the steps we typically take with the schools who we work with include: 

• Reviewing their current systems to identify risks and vulnerabilities. 

• Working closely with the senior leadership team to define and implement a risk mitigation plan to address any vulnerabilities identified. 

• Implementing a suite of technical measures, which may include hardware, software, cloud technologies and security policies to protect the schools data. 

• Training and educating staff, particularly as these type of threats often get into a school through someone clicking on a bogus link or attachment. 

• Devising, implementing and testing contingency plans including disaster recovery plans, frequent data backups, security incident response plans and emergency operating procedures. 

Unfortunately whilst ransomware is generating such a healthy income for cyber criminals, I think it is only likely to become more prevalent, so it is best to be prepared.

Interested in finding out more about how entrustIT could help keep your school secure? Download our FREE White Paper >>