Over the past several years, the education sector has been a frequent target of ransomware attacks – the hijacking of sensitive data by hackers for extortion. Over the recent Labor Day weekend, the Los Angeles Unified School District suffered a ransomware attack that took down IT systems, including tracking software, email and data storage.
In response to the attacks, which have resulted in restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal student and staff information, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) to help districts take mitigation steps, School Transportation News reports.
The CSA “#StopRansomware: Vice Society,” states that the FBI, CISA and the MS-ISAC anticipate attacks may increase as the 2022-2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks.
Experts have noted that districts with limited cybersecurity capabilities and constrained resources are often vulnerable, but even those with robust security can be targeted. K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.
So what steps should districts take right away to attempt to stay safe, according to the report?
First, districts should establish and maintain strong liaison relationships with the FBI and CISA cybersecurity adviser in their regions. The CSA then breaks down the techniques to reduce the risk of being compromised. These include: Preparing for cyber incidents, identifying and accessing management, protecting controls and architecture, and vulnerability and configuration management.
The CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail ransomware variants and threat actors. Advisories include recently and historically observed tactics, techniques, and procedures and indicators of compromise to help organizations protect against ransomware.