Ransomware Explained: How It Works
Ransomware is a type of malware that cybercriminals use to extort money from their victims. Essentially, it encrypts a user’s systems and data, which prevents them from accessing their files until they pay a ransom in virtual currency to get a decryption key.
School districts, in particular, are easier targets for ransomware because they have systems that people need to access to do their daily work, says Amy McLaughlin, cybersecurity project director for the Consortium for School Networking. “If you can lock those systems up and lock people out, that makes you a valuable target because attackers know you’ve got to get your stuff running,” she says.
But how does ransomware spread? It generally starts with phishing emails containing malware-embedded attachments, explains Mikela Lea, principal field solution architect at CDW. If a user opens a malicious attachment, the malware is installed; it only takes one click for a device to get infected.
Cybercriminals also use social engineering, such as a fake password reset email, to trick users into installing malicious software, Lea explains. Besides phishing campaigns, attackers are also exploiting Remote Desktop Protocol and Server Message Block vulnerabilities.
Once a school district is hit by ransomware, the consequences are grave. It takes an average of 10 days for schools infected with ransomware to restore their systems, not including the time needed for full recovery and investigation, Lea says.
Moving to a remote environment has exposed schools to greater risk. For example, more students and teachers are using cloud storage applications like Google Drive and Dropbox to upload and share documents, making it easier for malware to spread, says Stephen Manley, chief technologist at Druva, a data protection and management company.
“It’s a really strong attack vector for ransomware,” Manley says. “Someone might put something into a shared drive, and everybody would simply trust it because they’re part of the same team or class. But then, when they open that document, it might be infected with ransomware, and it could spread throughout their system.”