K-12 schools are found throughout our landscape, in small towns and
large cities. The number of students varies per region, requiring small buildings
or one large enough for a medium-sized business. They may be located on short,
two-lane roads or primary thoroughfares. When we drive by these, we know they
are educational facilities teaching the next generation. While the primary
focus is the same for these institutions, there is another commonality. Each has
some form of network, be it rudimentary or complex, holding a mass amount of
data, managing operations where needed and facilitating email communications.
One issue with these networks has been cybersecurity. With constricting
budgets, it has become tough to get everything done as planned.
Attack
One such school is Wolcott Public Schools. The school
system, located in Connecticut, was attacked successfully. The attackers
naturally had a full array of tools available to use. They chose an
all-too-familiar one, which has proven to be very effective. The school system
was compromised with ransomware. The use of ransomware has proven itself over the
last two years to be an epidemic. The attack started in May 2019, at the end of
the school year. The district attempted, in vain, to manage this issue internally.
In some cases the target can remove ransomware with select tools. This applies
in very few cases, with the early variants, which may still be in use. The
issue came to a tipping point and needed to be brought in front of the town
officials when the district was not able to correct it.
Effects
The successful attack had deep-rooted effects on the school.
Had this affected only one user’s workstation, it would have been a much
different case. The district was forced to lock down several servers. While these
were locked down, staff were not able to access or work with any of the data
stored on them. Fortunately, a portion of the files was kept in other locations
as back-ups. While this sounds unpleasant, consider all of the learning
activities that could not occur while the files were encrypted. On the bright
side, no student data was compromised.
Remediation
This was a rather significant issue. Having data tied up and
not usable is problematic for anyone. With the school district, there are
timelines involved with reporting data to the state and possibly federal
agencies. After detecting the ransomware, the school district contacted the
FBI. The focus with this, naturally, was who was behind the ransomware
attack.
As noted, the affected systems were shut down for all
purposes. Once the school IT workgroup decided they were not going to be able
to fix the issue, they consulted with the Wolcott Board of Education. The risks
and benefits of paying the ransom were discussed and debated. The Board of
Education approved the ransom payment by a vote of 6 to 1. The hope was to
secure the decryption key. The amount noted for the payment was up to the amount
the town charter would allow, or $9,999. This was the ceiling amount. An amount
greater than this would require a bidding process and an extended amount of
time, which is something they did not have. Without the ransom being paid and
the decryption key provided, a portion of the middle and high school files
would not be usable in any form. In this incident, of the schools in the
district, the high school, middle school, and central office only had a back-up
server.
Comments & Concerns
Ransomware has become an epidemic. This has become a massive
issue across many industries. Any business connected to the internet is
susceptible to this. One fact not covered in the publications is the method of
infiltration. This may have been an employee clicking on a link or file,
inviting the malware in through the front door, and allowing it to scurry about
in the network. Ransomware training is a necessity in this day. Employees
need constant reminders of what to look for. In the case of an
individual oversight, which generally is detrimental to such a significant
level, the employees need to know what to do.
Resources
Backus, L. (2019, August 30). FBI probes hacking of CT
school’s computer. Retrieved from https://www.ctpost.com/local/article/FBI-probles-hacking-of-CT-school-s-scomputers-14401437.php
Data Breaches. (2019, August 30). Cyber attack affects Wolcott
public schools. Retrieved from https://www.wfsb.com/news/cyber-attack-affects-colcott-public-schools/
WFSB. (2019, August 30). Cyber attack affects Wolcott public
schools. Retrieved from https://www.wfsb.com/news/cyber-attack-affects-wolcott-public-schools/
Johnson, K. (2019, August 28). Ransomware attack targets Wolcott
public schools. Retrieved from https://www.nbcconnectictu.com/news/local/Ransomware-attack-targets-wolcott-public-schools-558610611.html
Passmore, S. (2019, August 30). Board passes motion to allow
Wolcott superintendent to pay ransom after cyber attack. Retrieved from https://www.weny.com/story/40985421/board-passes-motion-to-allow-wolcott-superintendent-to-pay-ransom-after-cyber-attack