Cybercriminals Target Educational Institutions, Making Them a Sweet Spot for Ransomware Attacks

• Ransomware gangs use email attachments, fake websites, and existing vulnerabilities to propagate ransomware.
• Five of the attacks on education organizations this year have been conducted using Ryuk ransomware.

Educational institutions including schools and colleges have become a hot target of ransomware. A recent report from Armor has identified a total of 49 education institutions and school districts that were impacted by ransomware attacks since January 2019. While some of them resorted to paying the ransom by relying on backup data, there are a few that could not make it due to the lack of proper security measures.

What makes it a lucrative target?

The education sector presents a tempting target to ransomware gangsters for several reasons:

• Students, often engage in risky online behaviors that expose the institution to ransomware attacks.
• Custom school software and learning management systems are long overdue for updates.
• Several Wi-Fi routers are operating on default passwords.
• The highly open and interconnected nature between campuses makes it easy for malware to get distributed through multiple points. This enables the ransomware to spread quickly from student to faculty to staff PCs and servers.
• Several institutions lack the right security posture. This also includes investing in securing IT systems and networks.

The most notorious ransomware

According to reports, 5 of the attacks on education organizations this year have been due to Ryuk. It is typically proceeded by trojans like Emotet and TrickBot which lay the groundwork for network-wide compromise.

Propagation methods

Ransomware gangs use email attachments, fake websites, and existing vulnerabilities to propagate ransomware.

How widespread can be the impact?

The impact and cost of ransomware attacks have been felt widely across educational institutions, with the highest demanded ransom crossing a million dollars. For example, the Monroe College in New York was compromised in July and they were hit with a $2 million ransom. This is the highest ransom to date demanded by attackers from an educational institution.

Previously, Crowder college had suffered a ransomware attack, leaving its emails website and computers useless. The attackers had demanded a stunning $1.6 million to release control back to the college.

Fighting against ransomware

In the face of this rapidly growing threat, educational institutions should take concrete steps to protect their systems from operational disruptions due to ransomware attacks. Cybersecurity training is essential for students, faculty, and staff to counter such attacks. Multiple backups of critical data, applications, and application platforms should be followed by educational institutions to prevent themselves from paying the ransom.