Ransomware Cyberattacks on schools are on the rise: What can we do?

Behind the screen, senior Drew Boone scans through his emails for the day. Boone promptly deleted a scam email congratulating him on winning the lottery and requesting details of his bank account in order to have the $5 million prize money transferred over. “Although I liked the money, I know I can’t win a lottery that I never entered,” Boone said.

Raj Jaladi

Behind the screen, senior Drew Boone scans through his emails for the day. Boone promptly deleted a scam email congratulating him on winning the lottery and requesting details of his bank account in order to have the $5 million prize money transferred over. “Although I liked the money, I know I can’t win a lottery that I never entered,” Boone said.

Cyberattacks are no longer an activity of high-profile companies and national security but have become a daily reality for schools. According to an FBI’s Alert, 57% of all reported ransomware attacks in August and September 2020 were targeted at the U.S. K–12 schools, and this is an increase from 28% for the period from January through July 2020. The average ransom was around $50,000, but the highest has crossed $1.4 million. 

Cyberattacks have hit schools and colleges harder than any other industry during the pandemicTwo school districts in Missouri had to close due to ransomware attacks this summer. 

October was Cybersecurity Awareness Month and this year’s theme is ‘Do Your Part. #BeCyberSmart.’ We can start with the question: what are we doing to keep our school safe from these cyberattacks? 

Parkway’s Chief Information Officer Jason Rooks is on the alert every minute to stop and mitigate cyberattacks as well as to provide teachers and students with safe, stable technology services.

”In such cases, someone from the outside used either a system vulnerability or a user account to access the district Information Technology (I.T.) infrastructure. Once they have access to the network they are able to extract data, deploy malware and encrypt systems,“ Rooks said. “I think the important thing we can learn from these attacks is that anyone is vulnerable.” 

School districts are at a high risk for cyberattacks due to a high volume of users that may lack security awareness, heightened use of technology and remote access during the pandemic and lack of resources to stop and mitigate attacks. 

“Protecting students and their data is meaningful work. School districts are especially vulnerable to attack due to a lack of resources. It creates a very unique challenge,” Rooks said. 

The end-user is the most common entry point for ransomware cyberattacks according to Rooks. End-users include all students, teachers, administrators, parents and everyone that is using the schools’ computer systems and network. 

“Typically it will be someone who clicks on a phishing email and enters in their credentials. This gives the attacker an entry point into the network and an opportunity to compromise other systems, “ Rooks said. 

A typical phishing email tries to create a sense of urgency and asks to do something. Rooks says an example of a common phishing attack is when the attacker sends an email pretending to be a principal using a made-up email address such as [email protected]. The attacker might say something in the email like ‘Are you there? I really need you to email me.’ When the victim replies, they will ask the person to go to the store and buy gift cards. Then they will ask the victim to scratch off the back of the gift cards and email them the numbers to redeem the cards. 

I think the important thing we can learn from these attacks is that anyone is vulnerable. School districts are especially vulnerable to attack due to a lack of resources. It creates a very unique challenge.”

— Jason Rooks

“The goal is to create a sense of urgency so that the victim doesn’t have time to think, “ Rooks said. “The whole time the victim thinks they are doing something to help the principal. This is a common attack and one we have seen be successful at Parkway. The easiest way to combat this attack is just to verify the source email address or pick up a phone and call the principal.”

Rooks encourages everyone to be skeptical of suspicious emails or websites and not to click on random website links. 

“Take the time to learn the basics of cyber security and programming. You don’t have to be a programmer, but learning the basics will help you understand how the bad guys do what they do,” Rooks said. 

Although we hear about the attacks that have caused damage, there are many that are successfully blocked on a daily basis. There are a number of different tools that schools use that block activity identified as malicious, such as anti-malware applications, as well as regular scanning and reporting. 

“We once had an entity attempt to access our data warehouse, they were most likely based in eastern Europe or Russia. They gained access to a publicly facing server through a protocol that was left on by mistake. The entity then tried to launch an application to help them gain access to other directories and services,” Rooks said. “Fortunately, the language the application was written in was not supported on the server. Also, our advanced malware protection identified the malicious activity and blocked the application and the user. In the end, our protections worked the way they were supposed to.” 

One key to keeping yourself and the school cyber safe is to educate yourself on the basics of cybersecurity and understand how to protect yourself, according to Rooks. Senior and president of the Cybersecurity club Luc LaRocca, says the club aims to promote cyber security awareness by giving students the opportunity to compete in CyberPatriot, a competition run by the Air Force Association in which students evaluate virtual scenarios for security vulnerabilities and try to fix them. 

“I joined the Cybersecurity club because I was curious about how cyber-secure I was with my personal devices. I figured if I knew a thing or two about cyber security, then I could do this. I discovered that a lot of my accounts were at risk and that everyone can become more cyber secure,” LaRocca said.

LaRocca’s three big cybertips for students are to create secure passwords for every device including your phone, use two-factor authentication on accounts that offer it and never click on a link sent by an unknown source, including a bit.ly or TinyURL.

“A simple way to do this is to think of a statement that holds meaning to you, abbreviate that, and incorporate different characters, capitalizations and numbers into it,” LaRocca said. “ If that makes it too hard to remember, try using topics from an interest of yours. For example, if you like the TV show Friends, you could use jO3y_3b4n! for one account, and bpHe0b3! for another one. This helps you to remember your passwords but still be cyber secure.”

While cybercrime grows exponentially, we are facing a severe cybersecurity talent drought, according to Forbes. A Bureau of Labor Statistics report states that the rate of growth for jobs in information security is projected at 37% from 2012 to 2022. For students that may be interested in exploring or pursuing a career in cybersecurity, Parkway has offered a semester-long cyber security course since 2018 for all interested high school students through the virtual campus.

“A student interested in cybersecurity will have opportunities in both the public and private sectors,” Rooks said. “There are a ton of great opportunities in all areas of cybersecurity.”