Education Sector Remains a Major Target for Ransomware Attacks

The education sector has been in the crosshairs of cybercriminals for years. If anything, it is getting worse. According to a study by Comparitech, almost 1000 schools were affected by ransomware in 2021, impacting about a million students. Total price tag? The estimated cost to education institutions is around $3.5 billion in downtime alone, not to mention the ransomware payments themselves.

In many cases, the ransom is paid. Otherwise, schools and colleges face days or weeks of shutdowns, often at critical periods such as during exams or enrollment for the new year. In some cases, these attacks are fatal. Lincoln College, attacked in late 2021, has now permanently closed its doors due to fallout from the attack that led to a lack of enrollments. To make matters worse, the college paid the ransom.

Ransomware payouts from educational institutions vary widely. They range from $100,000 to as much as $40 million. Hackers typically do their homework in advance and have become skilled in knowing the means of the institution and the business impact of being shut out of systems. They set their ransoms accordingly.

Further tactics include double-extortion attempts: hackers encrypt systems and demand a fee to hand over the encryption key, but they also threaten to post sensitive data online. This double-whammy kind of treatment has been meted out to the likes of Broward County Public Schools, Clover Park School District, Somerset Independent School District, Union Community School District, and the Affton School District. Top targets include New York, Texas, Florida, and Arizona.

Vice Society

The most recent headlines about school cybercrime have centered around a threat group known as Vice Society. It specifically goes after K-12 school systems. It successfully breached the LA County Unified School District (LAUSD) in September 2022. The attack was timed to disrupt the district at the beginning of the academic year; with around 640,000 students impacted, the hackers hoped to extort funds.

Vice Society targets schools because they are thought to be relatively soft targets. Schools are seen as more likely to pay a ransom because of their strong desire to serve their students, and they are not known to have strong security.

At LAUSD, Vice Society exfiltrated 500 GB of personal information. They asked for a ransom and threatened to leak sensitive personal data to the public. In this case, the school district decided not to pay up. They reasoned a) there was no guarantee hackers wouldn’t end up leaking the data and b) the money could be put to better use by funding student needs.

That is part of a growing trend. While some organizations continue to pay ransoms, many others are now refusing to do so.

Schools Need Help

Educational institutions have been late to the cybersecurity party as their focus is always on attending to the needs of their students. But recent events have forced them to pay more attention to security. However, it is not their core competency.

Thus, schools are encouraged to seek outside help in combating cybercrime. Vendor-based Software-as-a-Service (SaaS) security offerings are widely available. Alternatively, managed security service providers (MSSPs) can provide robust security safeguards that combat ransomware, safeguard systems, and free up the IT departments within educational bodies to focus on tools and systems that serve an educational purpose.

Syxsense Enterprise offers the educational sector real-time vulnerability monitoring, automated patch management, instant remediation, and IT management across all endpoints on one console. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. In addition, it can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 and 11 feature updates. It offers peace of mind for any and all desktops, laptops, servers, virtual machines, and mobile devices. Syxsense Enterprise is also available to MSPs via our MSP Partner Program.

For more information, visit: www.Syxsense.com