Academic journal article T H E Journal (Technological Horizons In Education)

Schools Learn Their Lessons on Ransomware: Several Schools Have Already Been Hit with Ransomware, So Be Ready

Academic journal article T H E Journal (Technological Horizons In Education)

Schools Learn Their Lessons on Ransomware: Several Schools Have Already Been Hit with Ransomware, So Be Ready

Article excerpt

Ransomware is becoming a major issue in the world of education. When BitSight issued its report in September 2016 declaring education the biggest target for ransomware, the news put school officials on notice that they were vulnerable to this form of cyberattack.

Ransomware currently comes in two flavors: encrypting and locker. MarsJoke is one example of encrypting ransomware. This locks user data with an AES 256 encryption algorithm. Winlocker is an example of the second variety. This locks the victim out of his or her computer. In both cases, the user is commanded to pay a bitcoin ransom in order to regain access. Some schools have already learned about ransomware from experience.

* Oxford School District in Missouri suffered a data lockdown in February after a phishing e-mail infected the school system's servers with malware, encrypted files and demanded a bitcoin ransom worth about $9,000 at the time.

* Horry County Schools in South Carolina also experienced a lockout during the same period, possibly when an out-of-date server running legacy applications became infected and spread the malware to dozens of other servers on the same network.

[ILLUSTRATION OMITTED]

* In April, Follett Corp. learned schools running its software faced break-ins through unpatched versions of Destiny, the company's popular library management application. Cyber criminals took advantage of vulnerabilities in JBoss, Red Hat's middleware, to deliver the ransomware.

Unless your entire district staff is savvy to e-mail phishing, add this to your list of security concerns. The question becomes whether or not to shell out a ransom in these situations. The report hedges, mostly coming down on the side of agreeing with the FBI, which in April officially recommended not paying.

"Paying a ransom doesn't guarantee an organization that it will get its data back. We've seen cases where organizations never got a decryption key after having paid the ransom," says FBI Cyber Division Assistant Director James Trainor. "Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.