The Education Industry Showed the Highest Ransomware Infection Rates In 2016
In a previous article, we mentioned that ransomware seems to be targeting the education industries quite aggressively. Everyone is picking up on this trend, but no-one can really expand on why that is. One can only speculate, but here are some thoughts as to why.
In 2016, Education was the industry that showed the highest ransomware infection rate. Schools are particularly easy to target currently because students and staff all have mobile phones that they bring to school, leaving the network vulnerable. Mobile ransomware has spiked drastically in the last 6 months.
Mobile Phone Ransomware
Ransomware like Fusob and Small are locker-ransomware types that lock access to your device and apps. Crypto-ransomware types are not as successful on phones because Android systems back up into the cloud and users therefore are less likely to pay the ransom because they can restore their data from their backups.
Locker-ransomware wasn’t as successful on PC’s because one could simply remove the main storage from the PC, access it via another machine and delete the locker-ransomware files. An android phone’s main storage is (in most cases) soldered onto the motherboard, so there isn’t an effective workaround – hence the increase in attacks
Is Ransomware a Data Security Breach?
It has recently been debated whether ransomware should be seen as a data breach or not. It should most definitely be treated as a breach in data security. To date, no major data leaks and ransomware attacks could be connected, but if cyber criminals have access to be able to encrypt your data, they have access to read it, and copy it, use it and sell it. One of the major concerns when data has been breached and stolen is that it would be sold on the black market. Why would it be sold on the black market one may ask? Various reasons, in order to facilitate identity theft (if you have a school record, you have a type of persona), online presence (if you have a persona, you can track that person’s online presence and possibly aim to extort more). It becomes clear that a spider web of possibilities opens up from here.
But why schools?
There are two sides to the modus operandi of a ransomware attack on a school:
- To maliciously deny access to machines, encrypt data and disrupt day to day operations.
- To gain access to student information. With academic records and personal information about students, that’s quite a lot of data that can be sold on the black market.
The majority of schools in the UK have centralized databases, or School Information Management Systems that store student, teacher and school information. Financial information about the school, medical records about pupils, personal information and addresses of both pupils and staff; all very sensitive information and very frightening when this ends up in the wrong hands. What’s worse is that when academic institutions like schools are targeted, you are dealing with minors. If this data ends up on the black market, these children become very vulnerable and exposed.
Read here how to avoid a ransomware infection.
Backup is a must!
The number one piece of advice that anti-ransomware specialists offer is to back up all data, outside of your own Local Area Network (LAN). Be sure to use a reputable cloud backup software provider. It is important that you have the ability to recover an entire system and that your backup is isolated from your network to keep it safe from the infection.
When a machine has been infected, the first thing to do is to take that device off the network and offline. This ensures that the infection can’t spread further than this device and doesn’t risk compromising other users’ data. Once the infection has been contained and removed from your environment, it’s time to retrieve your data from the secure backups.