PSBA Bulletin September/October 2021 - Page 15

Russia had scanned Crawford County to target vulnerable IP addresses. An employee who had accessed the files on this little-used server had forgotten to shut down the portal, leaving it open to the attack.
While the investigation was ongoing, a law firm with experience in these types of attacks began to handle the negotiation for the decryption key. During this process, the district assumed that no sensitive information had been captured or encrypted, but also knew it needed to get access back to the files. The dilemma of whether or not to pay for the files went back and forth between district officials, the law firm and the criminals. The insurance carrier eventually paid for them.
Thankfully, none of the data was stolen and the data that was encrypted ended up not having sensitive information included.
“It’s almost like they walked into our building and put a padlock on a random filing cabinet and said, ‘you need to pay me to get the key,’” says Dr. Glasspool.
In these situations, districts essentially have two options, says Levin. They can pay the ransom, which doesn’t always guarantee that they will receive the right software key and unscramble their files, or they can try to restore their data from backups, if they have a backup available.
“There are examples of districts that have paid, and it’s a day or two to get their systems back online,” says Levin. “Others have refused to pay, and they have not been able to restore full access for months or even at all.”
Prevention techniques
There’s no shortage of guidance available for districts to help prevent these types of attacks, though Levin notes that it can feel “overwhelming” for districts to try and tackle all of the recommendations.
“The list is really long, it can feel expensive; as a result, districts don’t start the journey of getting safer,” says Levin. “There’s no such thing as 100% safe, but it is about reducing the odds that you will experience an incident.”
Some of the recommendations include software designed to help prevent phishing attacks and


Doug Levin, head of the nonprofit K12 SIX, shares his top recommendations for preventing a ransomware or malware attack on a school district.

1. LIMIT DOWNLOADS. One of the top ways criminals get access to district systems is through infected attachments that an unsuspecting staff or student opens in a phishing email. Districts should implement strong screening systems that block these malicious attachments from being opened and downloaded, says Levin.
2. PASSWORD PROTECTION. Levin shares that it’s “incredibly important” for schools to have secure password policies that prevent password reuse, check for compromised passwords, and in the best circumstances, use multifactor authentication that requires a second step, like texting or emailing a code to a person, when logging into an account.
3. PATCH SYSTEMS. Many districts are underfunded, and thus, end up using older technology and software, says Levin. Because of that, it is super important for IT staff to keep their IT systems patched and up-to-date. When new security patches become available, he recommends that they be applied promptly, ideally within 30 days.
4. TRAINING. There’s always room for more staff training, says Levin. Some districts are running fake phishing tests to help train employees on how to spot a phishing email, which can help since the more sophisticated phishing attempts aren’t likely to be blocked by screening software. Additionally, courses on cybersecurity should also be part of your professional development plans with staff.