What to do if your school experiences a ransomware attack

What to do if your school experiences a ransomware attack

You’re sitting in your office responding to an email when suddenly your computer screen goes black, and an ominous message appears on your screen.

Warning: All of your files have been encrypted. Unless you transfer the following sum using Bitcoin to the bank account provided within 2 hours, you will permanently lose your files. The demanded sum will double every hour from the expiration of the deadline.

An icy chill runs down your spine. You’re in shock.

How did this happen? You thought your school’s firewall was formidable. You thought your IT team was always on the ball. You thought your school was prepared for this kind of thing.

“Where am I going to find this kind of money?” you wonder as your shock gives way to panic. “What do I tell my school community?”

Not knowing what else to do, you run out of the office and make a beeline for your I.T team, but you bump into them on the way. You look around. The monitor of every computer in the school is displaying the same threatening message.

The above scenario is terrifying, but not uncommon.

This week, a global survey revealed that schools are among the prime targets for ransomware attackers due to their lack of strong cybersecurity defences and the goldmine of personal data they hold – a finding that has some alarming implications for principals across Australia.

The survey, by global cybersecurity company Sophos, found that schools are prime targets for ransomware attacks, with 60% of both higher and lower education providers suffering attacks in 2021 compared to 44% in 2020.

Education institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover – almost double the average time for other sectors (4%).

“School leaders must ensure IT teams, students and teachers are prepared to face the growing threat of ransomware,” Aaron Bugal, Sophos’ Global Solutions Engineer APJ, told The Educator.

“Cybersecurity budget constraints coupled with a shortage of skilled cyber security operators exposes a significant risk in mitigating threats from highly skilled, funded and aggressive cyber criminals.”

Bugal said staying ahead of cyber criminals is integral to maintaining a performant educational ecosystem. 

“Schools must focus on both cybersecurity education and implement the right processes and technical controls to effect a positive security outcome,” he said.

“Anyone with access to a school’s IT environment, whether staff, students, or parents, are vulnerable to attacks, and so must stay vigilant. As part of their duty of care to the school community, principals should provide training to all users before enabling access to systems.”

Bugal said that by educating the school community on how to identify and avoid cyber threats, schools are less likely to be breached through social engineering techniques employed by hackers.

“Schools must optimize their cybersecurity to protect their community.”

Below, Bugal shares several tips for schools:

  • Ensure high-quality defenses at all points in your environment. Review your security controls and make sure they continue to meet your needs. 
  • Proactively hunt for threats to stop adversaries before they can execute their attack – this can be outsourced to a Managed Threat Response (MTR) specialist who can offer 24/7/365 protection.
  • Harden your environment by searching for and closing down security gaps like unpatched devices and unprotected machines.
  • Prepare for the worst. Know what to do if a cyber incident occurs, who you need to contact, and ensure backups are up-to-date and ready to restore.
  • Many vendors, including Sophos, offer schools special discounted pricing to ensure they can deliver uncompromised cybersecurity and support uninterrupted learning.