Popcorn Time, WannaCry, Fireball, Spectre — all are funny names, but these recent examples of ransomware are no laughing matter. Fortunately, IT professionals in K–12 school districts have several options available to help keep their districts’ networks safe.
Backups are the first defense to keep hackers from profiting from a ransomware attack — a strike that locks down a server’s data through high-level encryption. Being unprepared could cost a district significant time and money.
Last September, the United States Computer Emergency Readiness Team and the Canadian Cyber Incident Response Centre advised users and administrators alike to perform regular backups of all critical information and store them on an offline device or computer. Obviously, the more recent the backup, the quicker the recovery process, should a K–12 school district fall victim to such an attack.
US-CERT and CCIRC also advise users and administrators to maintain current versions of both operating system and anti-virus software, and to keep abreast of any patches released in response to any new forms of ransomware. Directives should be issued against following unsolicited web links in email and opening suspicious email attachments, and users must be taught to adopt safe practices when browsing the internet, they say.
In a separate statement, security software heavyweight Symantec has nearly identical recommendations on ransomware but stresses the importance of staying up to date with software.
“Remember, with the thousands of new malware variants running every day, having a set of old virus definitions is almost as bad as having no protection,” Symantec states. The company urges caution when selecting backup storage locations, because backups are just as vulnerable to ransomware attacks.
Microsoft has also weighed in on the issue. Computers running Windows should have legal copies of the operating system installed, and they should be registered. Microsoft won’t be able to send updates, including security patches, to anyone using pirated versions of the OS.
The software giant adds that users who take advantage of public Wi-Fi should select the public network setting on the computer when they connect. That setting will close a number of vulnerable software ports.
The No More Ransom (NMR) project (a joint initiative of the National High Tech Crime Unit of the Netherlands’s police, Europol’s European Cybercrime Centre, Russia’s Kaspersky Lab and Intel Security) suggests enabling the “show file extensions” option on Windows computers and recommends quickly disconnecting any computer or device suspected of being infected from the internet or any network connections.
US-CERT says victims should always report ransomware attacks to the FBI’s Internet Crime Complaint Center. One final note: Experts say do not pay the ransom if a system is infected. The NMR website instructs users and administrators to “trust no one … literally.”
“If the ransom is paid, it proves to the cybercriminals that ransomware is effective,” the site states. “As a result, cybercriminals will continue their activity and look for new ways to exploit systems that result in more infections and more money on their accounts.”