Ransomware Campaign Whitepaper - Education
Avoid ransomware fallout:
Enabling your school to deal with the aftermath of an attack
Why ransomware might be your biggest threat
Picture the scenario: It is the day that exams start. Students are frantically cramming in their last-minute revision, and teachers are ensuring all is in order with vital course work and exam schedules while juggling their usual lesson plans and other classes. You go to log in to your computer following a key staff meeting and the login fails. You try once more but still the problem persists; a network error is preventing you from getting into your machine. Stepping out of your office, you realise that the receptionist is having the same issue; in fact, all of the front-office staff are. Time to call in the IT team. Within minutes they have identified the issue: a software patch installed the previous night is causing issues and resulted in the unplanned network outage.
Not an implausible situation and although the IT team have been able to identify the issue quickly and resolve it, it’s a stark reminder of the disruption that a network outage can cause. So, what would have happened if the outage was caused by something more sinister?
The Department for Education (DfE) and the National Cyber Security Centre (NCSC) have reported a steep rise in the numbers of targeted ransomware attacks on the UK education sector in recent months, the effects of which prompted them to release an alert to all education establishments detailing the necessary steps to help prevent or recover from an attack.
The true cost of downtime
While you may have suitable security in place, handled by an internal IT team or even a third-party service provider, it is easier to infect an organisation today than it was several years ago. Ransomware attackers are using more creative, stealth-like techniques, meaning traditional antivirus simply doesn’t cut it anymore, and once an infection has occurred, removing it is highly unlikely. Industry experts warn it’s only a matter of time before an organisation suffers a data breach even with up-to-date endpoint protection. So, it’s a case of when, not if.
In any normal school week, losing access to the network or data will cause huge headaches, but in the current climate, where remote access and learning have become vital, losing network access even for just a few hours can be disastrous, creating direct knock-on effects on how students can learn and how teachers teach.
WannaCry and NotPetya brought public services including the National Health Service to their knees and cost huge amounts to remediate – but for your school the cost of an outage is to your staff, your students and your reputation as an organisation.
Ransomware is a type of malware (malicious software) that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. [6] It can spread in many ways. Some rely on human error; others are effective with no user input. The 5 most common infection methods include:
- Email attachments – the more credible and legitimate the email looks, the more likely the recipient is to open the attachment. Once opened the ransomware is immediately deployed.
- Compromised webpage – users are encouraged to click on a URL link (often with wording that evokes a sense of urgency) that then triggers the download of ransomware.
- Malvertising – users click on an online ad believing it to be legitimate – for example an offer for free software – when in fact attackers have linked the ad to an exploit kit.
- Pirated software – software, which is unlicensed and doesn’t receive official developer updates, may come bundled with adware. As it downloads it releases the hidden ransomware.
- Infected removable hardware – connecting an infected USB drive or portable computer can lead to ransomware encrypting the local machine, and then spreading across the network.
Protecting your school: your options
Schools hold large amounts of sensitive data and now more than ever are reliant on IT systems to operate, making them a prime target for criminals. Given the continued and growing success that criminal groups have had in extorting sizeable ransoms from victims this year, ransomware attacks show little sign of slowing in 2021. So, what are your options?
- Put your head in the sand – Historically, leaders saw disruptive attacks as unlikely worst-case scenarios, and many organisations simply didn’t plan for them, blindly believing “it won’t happen to us”. You can take this approach, but it’s a ticking time bomb and almost certain to cause huge reputational damage, personally and for your school.
- Paper over the cracks – When high-profile hacking stories break, there’s a flurry of activity as concerned leaders panic that their schools may be next. DR plans are dusted off (although surveys suggest that one in four organisations never test their DR plan at all) [7], and then the next organisational challenge comes along and data security’s moment in the spotlight is over.
- Confidently safeguard your school – By accepting that breaches are inevitable, and that you are never 100% secure, you can get data security to the top of your agenda. Continually investing in your data security posture (people, process, and technology) will allow you to shift beyond prevention to response and give you the best chance of rapid recovery when the unavoidable happens. For some schools it will be possible to do this in-house with existing IT staff and for others it is vital to work with specialist service providers.
Do you have a formal cyber-security incident response plan across your entire school?
Redstor rescues schools hit by £1m ransomware attack
ComputerWorld’s advice to use Redstor for data protection proved invaluable when only months later a £1 million ransomware attack paralysed Haberdashers’ five schools in Monmouth.
Not only did cyber-criminals wipe out vital files belonging to pupils and staff, they also encrypted onsite backups held on disc and tape by a leading global provider of disaster recovery solutions.
Recovering that data would have been virtually impossible, had Fred Welsby, Director of IT at Haberdashers, not taken up a recommendation from the schools' managed service provider to deploy Redstor.
"ComputerWorld has a vast amount of experience when it comes to data protection and recovery, along with helping organisations recover from major incidents such as ransomware. The fact that we had implemented Redstor gave us added peace of mind that Haberdashers’ schools’ critical data was safe and easily recoverable."
Chris Burgess, ComputerWorld
Backup for education: The view from the DfE
In August 2020, the Department for Education and National Cyber Security Centre (NCSC) shared updated guidance with schools following an increasing number of cyber-attacks involving ransomware infecting the education sector.
The cyber-attacks appear to be taking advantage of system weaknesses such as unpatched software or poor authentication and “have had a significant impact on the affected education provider’s ability to operate effectively and deliver services.”
What do you need to do?
The latest guidance implicitly states the actions that all education providers should take to ensure they are protected against the effects of a possible cyber-attack or ransomware infection.
It is vital that all education providers urgently review their existing defences and take the necessary steps to protect their networks from cyber-attacks.
Along with your defences, having the ability to restore systems and recover data from backups is vital. You should ask your IT team or provider to confirm that:
- They are backing up the right data
- The backups are held offline
- They have tested that they can restore services and recover data from the backups
Read the latest advice from the NCSC.
Cloud-based backup - the best last defence
Ransomware attacks exploded in 2020 targeting organisations hit hardest by the Covid-19 pandemic. The malware is here to stay and leading researcher, Cybersecurity Ventures, predicts by 2021 an organisation will fall victim every 11 seconds. So, it’s not a case of if there’s an attack, but when there’s an attack. And the number one question then is how fast can your business recover?
Protecting against ransomware is your first line of defence, however this is not always effective. And when disaster strikes, you need to be up and running as quickly as possible, restoring operational data (wherever it is) to staff and students (wherever they are) in seconds, not days. Fortunately, with cloud-based backup tools, data can be recovered in a few clicks.
6. NCSC – Mitigating Malware and Ransomware Attacks
7. Spice Works – Study Reveals 1 in 4 Companies Never Test DR
8. Workday – 6 Top CEO Priorities and How to Address Them
Data management for an on-demand world. Take it as Red.
We are disrupting the world of data management with our pioneering technology, which provides borderless visibility and on-demand access to all your data, wherever it is stored, through a single control centre.
Trusted by more than 40,000 clients and 400 partners, we use our proven, industry-leading technology to help you discover, analyse, control and protect your critical data.
Redstor is available worldwide through a network of resellers. For further information please visit www.redstor.com.