Schools and municipalities protect against ransomware
Ransomware, a popular type of malicious software used by hackers, has been crippling school districts, municipalities and companies across the United States.
“We've had so many districts around us either with ransomware inserted or attempted attacks, it's a serious threat,” Maple Valley Superintendent Katherine Bertolini says. “We're taking it as seriously as we possibly can.”
Ransomware is a type of hack that infiltrates a computer system and encrypts data, effectively shutting down the computer network until a ransom, usually in the hundreds of thousands of dollars, is paid to the online pirates.
“The whole point of ransomware is to ransom your data back to you, they don't even care what it is,” Barry County Information Technology Coordinator David Shinavier says. “Our information is probably not worth that much on the black market, but it's worth a lot to us.”
While the data is encrypted, much of the usual computer system work is shut down.
An August New York Times story detailed the town of Laredo, one of 22 Texas cities which were simultaneously hit by a ransomware attack this summer. A town of about 5,000 people, Laredo was forced back in time to retrieving paper records of everything from library loans to traffic citations.
“The more and more we rely on technology, the more it's a hindrance if our technology is down,” Hastings City Manager Jerry Czarnecki says.
The hackers are based all around the world, from Eastern Europe to Iran to even the United States. To keep their trails hidden, they demand payment in online cryptocurrencies like Bitcoin, which are untraceable.
When major cities and corporations are falling victim to ransomware attacks, it's readily apparent that small school districts and towns are at least as vulnerable, and maybe even more so.
“We could spend all the money in the world and still get hit, there's no silver bullet,” Shinavier says. “...It's what keeps us up at night.”
Especially ominous is that there are no guarantees for what comes back after the extorted price is paid.
“If someone were to ransom your files, even if you pay them you're not guaranteed it will be in any form you can use when you get it back,” Czarnecki says.
Most Information Technology departments have multiple layers of protection in place, including firewalls, anti-virus software and even a switch that can shut down the computer network when malware is detected to stop it from spreading.
“It takes up a tremendous amount of time and resources,” Shinavier says. “We're doing a lot, we have to.”
Thornapple Kellogg Schools Technology Director John Dombrowski says the school makes use of resources such as the State of Michigan and Kent Intermediate School District. The school also uses the Center for Internet Security's 20 Critical Security Controls as a guideline.
“Our big pie in the sky is to comply with all those controls,” Dombrowski says.
But perhaps the most important form of protection against ransomware is a good data backup.
“Backups are extremely critical,” Shinavier says.
“That's going to be our failsafe,” Maple Valley IT Specialist Josh Leatherman says.
If there are backups available, IT personnel can wipe the computer systems to remove the ransomware and restore them with data that is less than 24 hours old.
Dombrowski explains that Thornapple Kellogg has three backups. One backup is held offsite, in case of a power outage or natural disaster at the school, and another is kept disconnected from the internet to stop hackers from connecting with it directly.
Those backups will mean the schools and municipalities don't have to give in to the ransom if they can restore their system.
“Worst case, if someone ransoms our stuff we can say 'Go ahead',” Czarnecki says.
“Most places that pay their way out of those things are just going to end up running backups anyway,” Leatherman says.
Beyond all the software and hardware protections, the most important, and most vulnerable, line of defense is the person using the computer.
“The onus from a threat standpoint is now on an employee as much as on us,” Shinavier says. “Used to be you'd put anti-virus on everybody's machine and call it good, but that just doesn't cut it.”
Many ransomware attacks start with a phishing scam. The hackers send an email to multiple employees, in the hopes that one of them will click on a link or download an attachment. Once they do, the ransomware can get into the system.
An important part of the job of IT staff is to educate employees on how to avoid phishing scams.
“I always tell people to be constantly vigilant,” Dombrowski says. “I think the idea of phishing is more in the public awareness than it used to be five years ago... They are aware that there are scams out there.”
“The people that are doing this kind of stuff aren't stupid,” Leatherman says. Often the phishing attempts look real and appear to come from a person the target knows.
Many companies and agencies hire outside cybersecurity companies to perform penetration testing, in which they attempt to hack into a network to check for vulnerabilities. Some even send out their own phishing emails to see if employees will fall into the trap.
“They've had a lot of people that'll click just about anything,” Leatherman says. Some people even give their own information if the email asks them to.
Leatherman recommends employees always ask someone with IT experience before clicking on an email they're not confident is real.