Ransomware Finds its Way into School District Network
June 13, 2016
What would you do if someone took over your network and demanded money before you had access to it again? Sounds like a bad plotline for a B-rated movie? There could be potential if the company was large and the demanded amount in the millions, but they’d have to throw in a few life-threatening situations to make it truly interesting.
If you work in cloud IT, you don’t need the extra challenges to get nervous over the “kidnapping” of your network. According to a report in eSchool News, Horry County Schools experienced just such a situation. Malicious software designed to block access to the Conway, S.C.-based district’s computer system made its way onto the district’s network. The only way to eliminate the challenge was to pay a ransom of nearly $10,000.
On February 8, hackers leveraged high-level encryption to lock up the district’s data. The hackers then held that data for ransom, demanding that the money be paid via Bitcoin in exchange for access to the encryption key. While the district wasn’t immune to breaches in the months before the event, nothing matched this level of intensity. It’s possible that the isolated incidents reported by the cloud IT professionals in this case were merely a testing ground for the “ransomware”.
Unfortunately, ransomware attacks are increasing. A recent PhishMe analysis suggests that during the first three months of 2016, there were 6.3 million more phishing attacks than there were in the same time period for 2015. This jump is a 789 percent increase, primarily due to the steady rise in ransomware. Whether or not Horry County Schools was paying attention to the numbers, the district definitely paid the price.
In this particular situation, the hackers found a way in through means not anticipated by the IT department. An old server was still being used by the construction/facility department, yet was no longer being supported or maintained by its original developer. Once they found it, the hackers installed the ransomware on this server, then sat back and watched as it wreaked havoc on teacher, student and administrative files.
Once the IT team discovered the ransomware, they shut down the rest of the network to try to reduce the spread. Unfortunately, this move left the 42,000-student district without access to the technology it was accustomed to using. While it may have been just a slight interruption for some, this kidnapping demonstrates a weakness in the network that may leave the organization with little more leverage than access to cash.
To prevent this from happening in your own environment, it’s time to get your cloud IT team involved in identifying any potential vulnerabilities in your system and eliminating them as soon as possible.
Edited by Stefania Viscusi