Mar 30 2016

Solid Backup Plan Best Defense Against Ransomware at Schools

More districts are being attacked by malware intrusions, and some are fighting back.

Thursday is World Backup Day, and attention across the globe is focused on how a solid storage plan can pay dividends in the event of disaster. The event, first held in 2011, is aimed at getting agencies, businesses and individuals to back up their files, as well as highlighting common ways data can be lost and options to back it up.

Recently, hackers have been profiting from crypto-ransomware attacks — an exploit that silently locks down a server's data through high-level encryption, giving hackers the keys to the digital kingdom. Backups are the first defense against such an attack; being unprepared could cost thousands of dollars.

In a March article in The Wall Street Journal, Chris Stangl with the FBI’s Cyber Division, referred to ransomware as “a prevalent, increasing threat.” Ransomware can infect data systems through a variety of vectors, but one of the more popular methods is through malware in email. A simple misplaced click can lay waste to a network’s defenses.

In February, a Missouri school district had its data locked down in a ransomware attack. After someone on the school network fell prey to a phishing email, the district's Windows-based servers were infected with malware. To unlock the servers, the perpetrators demanded a ransom in bitcoin, a digital currency, equivalent to $8,000.

However, Oxford School District Superintendent Brian Harvey's IT team had an ace up their sleeve — a recent backup of the data on the servers — thwarting the hackers' plans, according to the news site Hotty Toddy.

"We did not pay any ransom," Harvey said. "I don’t know that it was a joint decision (to not pay). I guess it was my decision to not pay the ransom because we were able to recover the items that had been encrypted. Basically, we restored them from a backup."

The Impact of Ransomware on K–12 Districts

Despite being able to recover from the crucial backup, instruction was disrupted throughout the district while the IT staff wiped the servers and restored the data. Teachers didn't have full access to their grade books for four days, and the school's website was inaccessible for close to two weeks. Thankfully, no personal information or crucial data was compromised during the attack, according to Harvey. The events are currently being investigated by the FBI and the local police.

Around the same time, the Horry County school district, in South Carolina, suffered a similar fate — but without a backup solution. The district ended up paying $8,500 to the intruders to decrypt 25 of its servers. Administrators authorized the payment after an FBI investigation ruled "no alternative action" could resolve the situation, according to the 2016 ICIT Ransomware Report.

The district's executive director of technology, Charles Hucks, also told TV station WBTW that the district was willing to pay because the demanded amount was low compared with the lost hours the district had spent trying to resolve the problem.

In today's digital age, users have a variety of options for backing up their data. But some of these options are just as vulnerable to ransomware attacks. Backups can become infected by the same malware that locks down a system, according to a 2015 Symantec report

6 Ways to Protect Against Ransomware

The United States Computer Emergency Readiness Team lists six preventive measures to help protect systems against ransomware attacks, and secure backups top the list:

  1. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  2. Maintain up-to-date anti-virus software.
  3. Keep your operating system and software up-to-date with the latest patches.
  4. Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  5. Use caution when opening email attachments. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.
  6. Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.