Ransomware Attacks: The New Snow Day for Education Sector?


March 28, 2023

World map

CISA recently warned about the growing risk to the education sector from ransomware attacks, noting that groups like Vice Society disproportionately target schools. CISA released updated guidelines for K-12 organizations, but guidelines don’t protect systems and they don’t pay for security boots on the ground.

“The federal government recently warned that K-12 schools face a growing threat from cyber groups. According to the FBI, school districts often have limited cybersecurity protections, which makes them even more vulnerable. The FBI also says it anticipates the number of threats to increase” Security Intelligence reports.

“Instead of snow days, students now get cyber days off. Cyberattacks are affecting school districts of all sizes from coast-to-coast. Some schools even completely shut down due to the attacks.”

Takeaway: Ransomware attack trends that include the theft of sensitive data will continue unabated until the profit motives for the threat actors are eliminated. This is organized crime we are dealing with; they only care about bringing pain to victims for their own financial gain.

Ransomware groups continue to victimize the education sector simply because they are easy targets. The fact is that schools lack the appropriate funding to stand up and maintain even a basic security program, let alone one that can go head-to-head with highly skilled threat actors.  

Combined with the fact that legacy security tools that are within the means of the education sector, like Antivirus and NextGen Antivirus are simply not designed to address the unique threat that ransomware presents. These factors together are why we keep seeing disruptive ransomware attacks causing school closures due to ransomware attacks.

And even if they had better endpoint protection solutions to assist them, they would still lack the staff to properly manage them and realize any benefits in protecting their infrastructure. Worse yet, these students whose personal information is stolen will continue to be at risk of identity theft and financial fraud well into the unforeseeable future.  

To protect themselves and their students, EDU organizations must reevaluate what kinds of data they collect and store, for how long and pinpoint where it’s stored. Eliminating the unnecessary storage of sensitive data will make EDU organizations a less attractive target to attackers and help reduce risk.

Since the options for detection and prevention are limited for the education sector, they should also focus on implementing a resilience strategy and assume they will be the victim of a ransomware attack and have the contingencies in place to recover as quickly as possible. This approach includes endpoint protection solutions, patch management, data backups, access controls, staff/student awareness training, and organizational procedure and resilience testing to be successful.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.