With the education sector now one of the most targeted industries by cyber criminals, it’s important for leaders and IT directors to understand exactly what’s coming their way. Like most security threats, schools can take steps to mitigate and ultimately prevent ransomware attacks.
Since last quarter, the education industry has seen a 17% increase in ransomware attacks, according to a recent report from cybersecurity firm GuidePoint Security. Across all sectors—mainly education, manufacturing, technology, health care, banking and finance—the organization found a 27% increase in public ransomware victims compared to the first quarter of 2022.
The “Who”
The number of ransomware organizations targeting the education sector is rather widespread, but one group remains the most “dominant” threat to K12 schools.
According to the report, Vice Society contributed to 27% of publicly reported attacks against education in the first quarter of 2023. This same organization was responsible for disrupting the network of the nation’s second-largest school district Los Angeles Unified last fall.
Recent reports revealed that the criminal group stole files containing contractors’ Social Security Numbers. Bleeping Computer reports. The district also admitted that the threat actors were active in its network for over two months.
Vice Society is known for its consistent targeting of healthcare facilities and hospitals, Wired reports. But during the pandemic, the organization and other cybersecurity threat actors pledged not to attack the public health sector, leaving K12 institutions even more vulnerable to such attacks.
Other prominent ransomware organizations known in the education industry include Lockbit, Royal, AlphV, BianLian, Clop, Stormous and Medusa, the report notes.
More from DA: Backpacks—even the clear ones—are being banned in end-of-year safety push
The “What”
Cybercriminals have various methods of making their way into school networks, but GuidePoint’s analysis reveals that “double extortion” was the most common model of operations. This is where ransomware organizations not only corrupt networks and hosts with encryption files but also exfiltrate the data, as was the case for L.A. Unified. Once that’s been done, groups will then “leverage the threat of leaking data to the public to coerce compliance with ransom demands,” the report reads.
Unfortunately, experts predict such attacks will only become more frequent.
“Based on what we’ve observed during Q1, we assess that more advanced ransomware threat actors will increasingly deploy novel coercive techniques, particularly as the fallout of existing instances generates media coverage and civil lawsuits against affected organizations,” said Lead Analyst Drew Schmitt for GuidePoint Research and Intelligence team (GRIT) in a statement.
“We can make this assessment based on the increased prevalence of these techniques in open source reporting and internal research, as well as our technical and professional understanding of business risk as it pertains to ransomware events.”
Mitigating the risk
Earlier this year, the U.S. Department of Homeland Security offered updated guidance to superintendents and their IT teams in its “Protecting Our Future” report.
In summary, the report pointed to three key areas education leaders must focus on to prevent cybersecurity threats:
- Invest in the most impactful security measures.
- Evaluate and address resource constraints.
- Prioritize communication and information sharing.
