Ransomware Sends Us Back to School

Ransomware Sends Us Back to School

posted in Disaster Recovery ● 19 Jan 2017

The Education Industry Showed the Highest Ransomware Infection Rates In 2016

In a previous article, we mentioned that ransomware seems to be targeting the education industries quite aggressively. Everyone is picking up on this trend, but no-one can really expand on why that is. One can only speculate, but here are some thoughts as to why.

In 2016, Education was the industry that showed the highest ransomware infection rate. Schools are particularly easy to target currently because students and staff all have mobile phones that they bring to school, leaving the network vulnerable. Mobile ransomware has spiked drastically in the last 6 months.

Mobile Phone Ransomware

Ransomware like Fusob and Small are locker-ransomware types that lock access to your device and apps. Crypto-ransomware types are not as successful on phones because Android systems back up into the cloud and users therefore are less likely to pay the ransom because they can restore their data from their backups.

Locker-ransomware wasn’t as successful on PC’s because one could simply remove the main storage from the PC, access it via another machine and delete the locker-ransomware files. An android phone’s main storage is (in most cases) soldered onto the motherboard, so there isn’t an effective workaround – hence the increase in attacks

Is Ransomware a Data Security Breach?

It has recently been debated whether ransomware should be seen as a data breach or not. It should most definitely be treated as a breach in data security. To date, no major data leaks and ransomware attacks could be connected, but if cybercriminals have access to be able to encrypt your data, they have access to read it, and copy it, use it and sell it. One of the major concerns, when data has been breached and stolen, is that it would be sold on the black market. Why would it be sold on the black market one may ask? Various reasons, in order to facilitate identity theft (if you have a school record, you have a type of persona), online presence (if you have a persona, you can track that person’s online presence and possibly aim to extort more). It becomes clear that a spider web of possibilities opens up from here.

But why schools?

There are two sides to the modus operandi of a ransomware attack on a school:

  1. To maliciously deny access to machines, encrypt data, and disrupt day to day operations.
  2. To gain access to student information. With academic records and personal information about students, that’s quite a lot of data that can be sold on the black market.

The majority of schools in the UK have centralized databases, or School Information Management Systems that store student, teacher and school information. Financial information about the school, medical records about pupils, personal information and addresses of both pupils and staff; all very sensitive information and very frightening when this ends up in the wrong hands. What’s worse is that when academic institutions like schools are targeted, you are dealing with minors. If this data ends up on the black market, these children become very vulnerable and exposed.

Read here how to avoid a ransomware infection.

Backup is a must!

The number one piece of advice that anti-ransomware specialists offer is to back up all data, outside of your own Local Area Network (LAN). Be sure to use a reputable cloud backup software provider. It is important that you have the ability to recover an entire system and that your backup is isolated from your network to keep it safe from the infection.

When a machine has been infected, the first thing to do is to take that device off the network and offline. This ensures that the infection can’t spread further than this device and doesn’t risk compromising other users’ data. Once the infection has been contained and removed from your environment, it’s time to retrieve your data from the secure backups.

POPIA makes SA CEOs more accountable

Following a three-month delay due to coronavirus – and more than seven years after its enactment – the Protection of Personal Information (POPI) Act has finally come into force. 

Continue reading
Microsoft Teams Backup

6 reasons why you need Microsoft Teams backup

The huge uptake in Microsoft’s Teams app is yet another indication that we have changed the way we work – maybe forever.

Continue reading

Protecting G Suite data - who's responsible?

As millions of people work from home to reduce the spread of coronavirus, the adoption of cloud computing, productivity and collaboration tools such as G Suite continues to grow at a pace.

Continue reading