Michigan School District Shut Down by Ransomware

3rd January 2020 | Blog, Sticky

Ransomware attack in Richmond Michigan Schools

The Richmond school district in Michigan started off the decade on the wrong foot, falling victim to ransomware that demanded $10,000 in bitcoin. This school district had its computer systems, telephones and copiers all victimized by hackers. The districts Superintendent said “there’s no guarantee we’ll get our server files back“. Since the start of 2019, 72 school districts nation-wide have publicly reported being compromised by ransomware attacks. If 72 districts reported publicly, you can multiply that by 10x for the districts that were hit with ransomware that did not publicly disclose it (perhaps they recovered quickly enough that they did not need to)? Regardless of the overall number of school victims, what is it about educational institutions that contributes to them falling victim to these attacks?

Why Educational Facilities?

According to cyber security experts, educational institutions are desirable targets for ransomware threat actors because of two things. First, these organizations hold large quantities of sensitive data on students and employees. Second, they are an easy target to compromise. It’s the intersection of these two things that makes them a ransomware target.

What makes educational institutions an easy compromise target?

Most educational institutions do not have significant cybersecurity protections in place. In multiple CyberHoot investigations of Emotet compromises, the educational classroom computers were not even running Antivirus software in some instances! School systems often lack funding for cybersecurity programs. As a result they lack technical protections, they lack training, and they lack backups. This is the perfect storm for ransomware attacks. But this isn’t the entire story. The ultimate goal of a ransomware attack is a bitcoin payment to the hacker. Otherwise, it’s all for naught. Here’s the extra attraction by hackers to school systems. Hackers recognize that schools are public entities which cannot afford to shut down. Hackers also realize schools often carry Cybersecurity insurance with riders that will pay the ransom in a ransomware attack. Combine these two facts with the ease of targeting schools with ransomware attacks and the bullseye is squarely on their chests.

What Can or Should Be Done?

Schools in many states, such as New Hampshire, are implementing state bills, such as SB1612, that require school districts to implement cyber security protections. Many of these attacks can be prevented with awareness training of students and faculty. Schools must pair the awareness training with appropriate protective measures such as Email SPAM and Phish Filtering solutions combined with next-generation antivirus on every computer and server. Finally, educational institutions need to adopt and follow governance policies such as a Written Information Security Policy (WISP), that outlines protective cybersecurity requirements that are no longer optional or best effort. CyberHoot already helps many educational institutions accomplish their awareness training and policy governance objectives. Get ahead of incoming state requirements like SB1612. Engage CyberHoot to help you proactively train and govern your students and administrative staff today! Visit CyberHoot.com/freetrial/ for a FREE 30 day trial and start your journey to enlightenment before it’s too late.