The number of ransomware attacks against K-12 networks continues to rise, and even more worrying is the fact that schools are paying the ransom. Ransomware attacks involve malware that encrypts important files on a victim’s computer or network that will not be released until schools pay. Unfortunately, criminals have learned that districts will pay, so they continue to highjack important data and increase monetary demands.
The Scope of Ransomware Attacks in 2022
The number of schools affected by ransomware attacks nearly doubled from 2021 to 2022. In 2021, there were 1,043 schools, which jumped to 1,981 schools in 2022. It’s important to note that we are only in May, and there have already been 50 cyber-attacks on U.S. school systems.
In October last year, the nation’s second-largest K-12 school system, Los Angeles Unified School District (LAUSD), experienced a severe ransomware attack. But even small schools and districts are at risk; no school system is immune.
The Consequences of Ransomware Attacks on Schools
For districts that fall victim to an attack, the effects can be crippling. Ransomware is growing in frequency, and attackers are demanding more money. For example, in 2021, hackers successfully breached the Broward County Public Schools network in Florida and demanded a $40 million ransom. Although the district declined to pay, fully restoring a district’s network systems and data can cost a great deal of money, time and energy. All these take funds away from programs in need, such as student and teacher mental health.
At the risk of the district’s public relations and reputation, LAUSD also refused to pay the ransom. In response, the attackers released students’ personal information online—including Social Security numbers.
LAUSD’s Superintendent Alberto Carvalho defended his decision saying: “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”
How Schools Can Prepare to Protect Themselves from Cyber Attacks
Fortunately, there are steps that all districts can take to protect their networks and reduce the risks of ransomware dramatically.
Preventing a ransomware attack requires a sound defense-first approach. Schools can have comprehensive protection by adopting a Defense-in-Depth strategy that uses multiple layers of security. We illustrate three critical elements that should be part of every school system’s Defense-in-Depth strategy.
1. Malware Protection
The most common way for ransomware to access a school district’s network is when someone clicks on a malicious URL. Instead of presenting information, the link downloads malware to the user’s computer infecting the network through a direct IP call.
The first step in protecting against a ransomware attack is using a web filtering solution to block malicious, unknown and unmanaged URLs.
An effective school web filter should extend protection against these URLs for any browser on any device, both on- and off-site. In addition, it should provide intelligent and reliable SSL decryption without overloading the network. Google now estimates that 95% of its web traffic uses the Secure Sockets Layer (SSL) encryption protocol.
2. Application Defense
Students will always try Virtual Private Networks (VPNs) or web proxies to circumvent their school’s web filter. But this exposes them to harmful content. Additionally, their bypass creates ransomware attack gateways for the school’s networks.
Using a solution that blocks malicious and unknown URLs and circumvention apps and protocols will add another layer of defense. The right solution will prevent students from accessing high-risk sites or using programs to download infected files.
3. Reporting and Analytics
Aside from blocking suspicious apps and URLs, having real-time visibility into students’ web use and all web traffic will also help prevent ransomware. Live web traffic functionality is not as common in a filter solution as you might think. But having this ability will provide granularity. All of which can help K-12 IT staff instantly identify suspicious network activity. More importantly, they can respond quickly to head off attacks in progress.
Combining multi-layer threat protection with active network monitoring provides multiple defenses against ransomware and other attacks. Impero’s ContentKeeper full-featured web filtering and security solution offers both within a single platform. In addition, it supports all devices and web browsers, playing a critical role in helping districts protect their networks from ransomware and other cyber threats.
If you want to learn more about how combining Impero ContentKeeper and our complimentary products can be the core of your Defense-in-Depth strategy, book a demo today.