Security Now: Connecticut school districts hardest hit in U.S. by ransomware attacks
Posted on October 9th, 2019
Internet security expert Steve Gibson led this week’s episode of his podcast Security Now! with the story, We can't get away from Ransomware.
Gibson cites a recent industry report stating, "Connecticut was hit by ransomware infections at seven school districts so far during 2019, giving them the dubious honor of being the state whose educational institutions were compromised more than any other this year."
In late August this year, the Hartford Courant and other state news outlets reported that the Connecticut Association of Boards of Education sent a letter to the 150 school boards it serves encouraging them to strengthen their cybersecurity.
"Just like with other safety concerns, districts have to be on alert, practice the protocols that are suggested by experts and do what they can to keep their computer systems and their individual computers safe," said Bob Rader, the executive director of CABE.
Gibson cited security firm Armor as pointing to Connecticut as the state with the greatest number of ransomware infections targeting school districts. In addition to schools, Gibson also notes that municipalities across the U.S. are also frequent targets of ransomware attackers. Gibson’s Security Now! transcript appears below.
What can you do to protect your personal and business data from ransomware? Here’s a short list:
- Install legitimate security updates delivered through your operating system only. Never download updates from third-party sites.
- Never solicit third-party online or telephone technical support. Never engage if you are called by anyone you do not personally know who claims to provide technical support.
- Back up your computer data frequently to at least one separate external device.
- Disconnect the external device between backups and safely store it offline.
- Inform your family, school and business colleagues about the growing threat of ransomware attack from infected websites and phishing emails.
A guide to steps you can take to protect against ransomware attack appears at Department of Homeland Security: National Cyber Awareness System.
Security Now! transcript:
The security firm Armor has been tracking ransomware attacks across the US and last week published an updated report on the state of the chaos. In total, more than 500 US schools were hit by ransomware in 2019, and just in the previous two weeks, 15 US school districts -- encompassing 100 schools -- were hit.
Armor tracked ransomware infections at a total of 54 educational organizations -- school districts and colleges -- accounting for disruptions at over 500 schools. And ransomware attacks appear to have picked up further steam in just the last two weeks, with 15 school districts (accounting for over 100 K-12 schools) getting hit in the first weeks of the new school year.
Of these 15 most recent ransomware incidents, Armor said that 5 were caused by the Ryuk ransomware.
Connecticut was hit by ransomware infections at seven school districts so far during 2019, giving them the dubious honor of being the state whose educational institutions were compromised more than any other this year. And while Connecticut was visited by the greatest number of ransomware infections targeting school districts, it was the state of Louisiana that handled the attacks the best. As we noted at the time in July, Governor John Bel Edwards declared a state of emergency in response to a wave of ransomware infections that hit three school districts. The governor's actions rallied multiple state and private incident response teams together and helped their impacted school districts recover before the start of the new school year... WITHOUT paying the hackers' ransom demand.
The Armor report doesn't specify which districts paid the ransom demand and which did not since not all this information is currently available. However, based on currently available information we know that Crowder College of Neosho, Missouri, reported receiving the highest ransom demand of all school districts, with hackers requesting a whopping $1.6 million to provide the district with the means to decrypt its systems.
And there is also some uncertainty since the level of reporting is inconsistent. The antivirus company Emsisoft reported that it had identified 62 ransomware incidents impacting US schools in 2019, that these 62 incidents took place at school districts and other educational establishments, and that they impacted the operations of 1,051 individual schools, colleges, and universities, more than double the number reported by Armor, at 500.
But regardless of the differing number of impacted schools identified and reported by Armor and Emsisoft, both show a sudden spike in the targeting of US educational institutions with ransomware. And we have previously noted the various reasons why educational districts and municipalities have been identified by attackers as ripe targets of opportunity.
We can obtain some sense for how this 2019 year compares with last year, since, according to a report from the K-12 Cybersecurity Resource Center, in 2018, only 11 of 119 cyber-incidents Security Now! #735 1 were attributed to ransomware, thus many fewer than the 54 and 62 ransomware incidents reported so far in 2019 by Armor and Emsisoft, respectively.
The only government sector targeted by ransomware MORE than schools and colleges were local municipalities, which saw 68 ransomware incidents during the first nine months of 2019.
And… In response to this summer's flurry of high profile successful and expensive attacks, last week the US Senate passed a bill named the "DHS Cyber Hunt and Incident Response Teams Act", which aims to create incident response teams for helping private and public entities to defend against cyber-attacks, including ransomware. The bill had already passed through the House, so it's expected to be signed into law by the president in the coming months.