Ransomware in education - Cribb Cyber Security

There have been numerous high-profile cases of ransomware in the mainstream news in recent years. Going after big corporations would seem to be at the top of cyber-criminals’ wish lists. However, schools and colleges are increasingly finding themselves being targeted. Today then we look at ransomware in education, to see why that may be.

What is ransomware?

Simply put, ransomware is malicious software (‘malware’) that can lock your computer and the files on it. It / these can then be released once a ransom demand is met. How does it work? The malware first gains access to a device and either encrypts the entire operating system or individual files. A ransom is then demanded. How can you minimise the risk of a ransomware attack? Implement robust ransomware protection software. Read more about ransomware.

How to detect ransomware and then protect yourself

It is far better to seek protection rather than a cure. The first step is to ensure you and your organisation are cyber aware. Being mindful of the fact you are a potential target will allow for a proactive approach. Next, consider vulnerability scans, which can help you find intruders in your system. Ensure that your computer or systems are not easy targets for ransomware. One way of doing this is to keep all device software up-to-date, meaning you will benefit from the latest security patches. Making everybody aware of the dangers posed by visiting rogue websites and opening email attachments, is crucial. Above all else, make sure you have strong preventative and contingency-based measures and processes. When it comes to ransomware, having a backup of your data is essential.

Ransomware in education

In the US in 2018, there were 10 ransomware attacks in the education sector. Fast forward to 2020 and 77 attacks took place – quite a rise. In the UK, 2018 saw 6 and 62 attacks respectively. Indeed, NCSC alerts arrived in September 2020 following a similar growth in attacks on UK-based educational institutions. There then came updates to those alerts in March, May and June of this year (2021). Below are some key take-aways from these National Cyber Security Centre releases:

  • Follow NCSC guidance on ‘Mitigating malware and ransomware’
  • UK education organisations can also sign up to the NCSC’s ‘Early Warning’ service to discover potential cyber-attacks on their network
  • Recent trends in the UK are for cyber-criminals to threaten to release sensitive data if the ransom is not paid
  • Ransomware has led to the loss of student coursework, school financial records, plus COVID-19 testing-related data
  • Attackers are increasingly targeting organisations via remote* access systems (i.e. VPNs such as Citrix)
  • Phishing emails are often used to deploy ransomware
  • Unpatched or unsecure devices are a common weakness

The next figures give an added sense of perspective to the threat ransomware poses in education:

  • In 2020, the average ransom paid by educational organisations in the US was $112,435
  • 35% of organisations paid the ransom

*CRIBB Cyber Security tip: Guard against remote-based attacks

  • Implement strong passwords
  • Use multi-factor authentication (MFA)
  • Keep software up-to-date, thus safeguarding against unpatched vulnerabilities

Ransomware is on the rise and its victims can be found in any sector. In the aftermath of the pandemic, targets in education and healthcare are particularly up. You must adopt a proactive approach to cyber security. Whether that be labelled as ‘security by design’ or ‘defence in depth’, your security strategy needs to be detailed and concise.