Russia had scanned Crawford County to target vulnerable IP addresses. An employee who had accessed the files on this little-used server had forgotten to shut down the portal, leaving it open to the attack.
While the investigation was ongoing, a law firm with experience in these types of attacks began to handle the negotiation for the decryption key. During this process, the district assumed that no sensitive information had been captured or encrypted, but also knew it needed to regain access to the files. The dilemma of whether or not to pay for the files went back and forth between district officials, the law firm and the criminals. The insurance carrier eventually paid for them.
Thankfully, none of the data was stolen, and the data that was encrypted turned out not to include sensitive information.
“It’s almost like they walked into our building and put a padlock on a random filing cabinet and said, ‘you need to pay me to get the key,’” says Dr. Glasspool.
In these situations, districts essentially have two options, says Levin. They can pay the ransom, which doesn’t always guarantee that they will receive the right software key and be able to unscramble their files, or they can try to restore their data from backups, if they have a backup available.
“There are examples of districts that have paid, and it’s a day or two to get their systems back online,” says Levin. “Others have refused to pay, and they have not been able to restore full access for months or even at all.”
There’s no shortage of guidance available for districts to help prevent these types of attacks, though Levin notes that it can feel “overwhelming” for districts to try and tackle all of the recommendations.
“The list is really long, it can feel expensive; as a result, districts don’t start the journey of getting safer,” says Levin. “There’s no such thing as 100% safe, but it is about reducing the odds that you will experience an incident.”
Some of the recommendations include software designed to help prevent phishing attacks and
TIPS FOR BOOSTING YOUR CYBERSECURITY
Doug Levin, head of the nonprofit K12 SIX, shares his top recommendations for preventing a ransomware or malware attack on a school district.
1. LIMIT DOWNLOADS. One of the top ways criminals get access to district systems is through infected attachments that an unsuspecting staff member or student opens in a phishing email. Districts should implement strong screening systems that block these malicious attachments from being opened and downloaded, says Levin.
2. PASSWORD PROTECTION. Levin shares that it’s “incredibly important” for schools to have secure password policies that prevent password reuse, check for compromised passwords, and in the best circumstances, use multifactor authentication that requires a second step, like texting or emailing a code to a person, when logging into an account.
3. PATCH SYSTEMS. Many districts are underfunded, and thus end up using older technology and software, says Levin. Because of that, it is super important for IT staff to keep their IT systems patched and up-to-date. When new security patches become available, he recommends that they be applied promptly, ideally within 30 days.
4. TRAINING. There’s always room for more staff training, says Levin. Some districts are running fake phishing tests to help train employees on how to spot a phishing email, which can help since the more sophisticated phishing attempts aren’t likely to be blocked by screening software. Additionally, courses on cybersecurity should be part of your professional development plans with staff.