Remote Learning Picks Up, So Do Ransomware Attacks: 6 Steps to Manage Risk


As campuses deal with virtual instruction, educational technologists must ensure they’ve considered a ransomware infection as a likely scenario for their incident response and disaster recovery plans. Here’s advice from LogRhythm’s Chief Security Officer James Carder on defending against ransomware attacks on the education sector. 

Local governments and school districts have increasingly become a top target for ransomware attacks over the years. As we have witnessed in the past few months, threat actors are still at large — implementing ransomware attacks to gain control of vital data and bring organizations to their knees. 

The increased reliance on eLearning amid COVID-19 has made schools around the nation an even bigger target for attacks because the stakes are higher and worth more money. Plus, the repercussions of a ransomware attack can do more damage to the operations of educational institutions and businesses than the cost of the ransom itself. If the ransom isn’t paid, lectures, homework assignments, testing and grading systems could be rendered totally inaccessible. 

This would effectively bring student education to a screeching halt while potentially exposing every student and teacher’s personal data within the organization. It is not just the school district that has to remain alert. Parents can also be targeted and forced to pay a ransom to get personal information and school assignments out of bad actors’ hands.

Recovery from a ransomware attack can also be long and challenging, particularly if there is significant data loss due to insufficient backups. However, paying the ransom isn’t necessarily the better strategy, as it can result in additional financial penalties from the U.S. Federal Government.

Sadly, incidents that occurred at Newcastle University and Hartford Public Schools pushed back the school year’s start. At the beginning of the global pandemic, schools had to shift their lectures and courses online, with some offering a break to students so teachers could adjust. Now, these interruptions are impacting student education and the school year’s timeline.

6 Best Practices to Secure Remote Learning  

Bad actors are leveraging people’s interest in information on COVID-19 to get more users to engage with fraudulent emails, resulting in a major increase in successful breaches over the last year. There is an urgent need for educational institutions to implement technology solutions in combination with comprehensive education and awareness programs before it is too late. It’s important to factor in students learning from home, who are seen as an easy target by hackers looking to gain access to the eLearning system and compromise the school or platform provider.

It would be wise for educational institutions to follow the steps below to avoid falling victim.

1. Preparation 

Unfortunately, ransomware attacks are all too common. The last thing an organization should do is wait to experience its first ransomware attack before making a plan to spot the indicators of compromise (IOCs). To prepare, organizations should patch security gaps and run tabletop exercises that simulate ransomware attacks. They should also proactively implement awareness training for employees that teaches them what to look for and how to respond should they suspect their device has been infected. Finally, it is important to develop an incident response plan that is explicitly for a ransomware attack. This step will ensure organizations are equipped to successfully defend against targeted attacks that can affect broad swaths of operations.

2. Detection

It is essential for organizations to build a strong foundation by adopting endpoint technologies and other security solutions and processes that formalize their ability to detect ransomware attacks at the earliest stage possible. There are a few ways these technologies can help institutions protect themselves, including providing important context into anomalous behaviors, flagging known indicators of compromise, and accelerating threat detection and response. As cybercriminals do not stick to one signature, it is important to have more defense than just detection.

3. Containment 

Organizations need a security solution that can block and isolate the local host from the network to prevent further encryption and ensure an isolated attack incident can’t spread. The best means of containment is usually an endpoint detection and response tool that can spot ransomware as it happens, contain the system to prevent the spread to other systems and applications, and eradicate and reverse the system changes made during the early stages of the initial ransomware attack. However, many enterprises and educational institutions don’t currently have such a solution in place, putting them at major risk.

4. Continuous Monitoring 

Ransomware is not a one-time event. In fact, it can often happen multiple times to the same company. Regardless of whether an organization has had an incident or not, it is important to monitor the entire range of networks and apps across the IT landscape. With this type of constant visibility, companies know if they are compromised or secure.

5. Eradication

If a machine is infected, it isn’t necessary to replace it as long as you have the right technology in place to revert changes back to a pre-compromised state by “cleaning” the system of the infection. Most of today’s endpoint and response technologies can surgically kill off the infection and allow the device to remain in use.

6. Recovery

For recovery, the number one task is going to be restoring from backup. With good, verified backups, an organization may be down for just a few hours because of the time required to restore from backup. Lastly, organizations should launch a full investigation into what specific infection vector the attacker used against the system. 

Now more than ever before, the education industry must take a proactive approach and invest in cybersecurity solutions that automatically detect malicious behavior and enable network infrastructure to block any further access attempts. Organizations should also patch aggressively, create backups, prepare a response plan, and prioritize educational training. Cybersecurity is not just for large companies and should be appropriately funded for educational institutions.