Ransomware targets education

Ransomware continues to be a thorn in the side of countless organizations and industries. The FBI has confirmed a rise in this trend, especially since 2019. One dark web listing in 2020 advertised 2,000 university credentials for sale. This year, the agency found further evidence of multiple cybercrime forums selling credentials and VPN access to “a multitude of identified US-based universities and colleges.”

Most recently, a breach of the LA Unified School District (LAUSD) has made the news: a ransomware attack disrupted access to email and computers, once again highlighting how vulnerable data security is in the education sector.

According to The Hacker News, the ephemeral tenure of students and the open environments that schools maintain to foster learning are factors that make education a more tantalizing target for ransomware attackers. The increase in online learning, with its resulting swirl of student and staff personal data, has also expanded the attack surface. Unfortunately, the LAUSD just happens to be the latest victim. So confident were the hackers in their success against the school district that they were already brazenly offering other data, also stolen from the institution, for sale on the dark web months in advance.

Through an investigation by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), we know that the cyber criminals were part of a ransomware group called Vice Society. They used stolen credentials to gain a foothold in the network, rather than standard social engineering methods by which members of an organization are unwittingly hoodwinked into compromising security – through clicking on a phishing link in an email, for example. The investigators have said it is probable that the bad actors gained these credentials by exploiting weaknesses in LAUSD’s MyData application security – whether a bug, glitch or design flaw. As usual, the hackers then used these initial credentials to assume more control.

Application security is a continual problem for all industries, as this surge of ransomware attacks on education proves. As we like to say at NetLib Security, “applications are like a pirate’s treasure chest, and sensitive data is the cache inside.” In education, with the extra factor of protecting the personal information of minors, the adoption of and reliance on applications in normal operations take on greater importance than they might in other fields. This is where strong cybersecurity measures like data encryption become paramount, so that even if a breach occurs the data is useless to its exfiltrators. NetLib Security’s Encryptionizer solution can provide assistance by transparently integrating application-level encryption into existing applications, with no changes required.



By: Jonathan Weicher, posted on October 27, 2022
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security