Back to School is Ransomware Season

 The rise of remote learning and the near ubiquitous use of online devices in the classroom has planted education squarely in the digital sphere. As a result the learning process has become more adaptive and resilient to global forces such as the Covid-19 pandemic as well as more accessible for students of all abilities than ever before. However, one of the drawbacks to an increasingly digitized educational landscape is a heightened risk of cyber attacks, particularly those that use ransomware to extort money from an organization or individuals. Schools can be especially enticing prey for this kind of crime due to the multitude of devices connected to a single system going in and out of the facility each day. The Department of Education’s guidelines for managing cyber crime risks are woefully obsolete, with no updates in over a decade. This means that the school systems lacking the means to create their own risk management plans are routinely left vulnerable. Both of these factors are part of why learning institutions of all levels are some of the most common targets of cyber crime. 

According to the Verizon Data Breach Investigations Report, incidents of ransomware doubled over the course of 2021, with this kind of attack being a part of 10% of all data breaches they observed across all sectors. In order to protect against this kind of crime it’s important to understand what ransomware actually is, so here are a few fundamental facts:

  •  Ransomware is a type of malware that’s surreptitiously installed on a device or network of device, and then encrypts the data contained on that device, thus locking the owner out.
  • Some of the ways it can be installed are by clicking a link in an email, downloading an unfamiliar file, or directly to an unsecured device via usb. 
  • The victim is told to pay a sum of money or “ransom” in exchange for the key code that will unlock the device. Paying the ransom is no guarantee that the data will be secure. A victim’s personal information can still be sold on the dark web. 
  • It is often used in conjunction with other forms of cyber crime such as phishing and identity theft.
  • Ransomware is becoming easier to employ due to the rise of RaaS or “Ransomware as as Service”, a trend where hackers will design a new ransomware program that they then sell to other cyber criminals.

While many schools and school systems have turned to cyber security systems that monitor the use of all connected devices while also blocking certain types of content, it is an unfortunate reality that no system is perfect. Threats inevitably slip through the cracks without a security approach that includes both offense and defense. The best way to create a proactive offense against ransomware attacks is to educate the students themselves about how to spot and deflect cyber attacks. 

One of Surf Wisely’s educational modules focuses entirely on ransomware because it is such a common threat to today’s students. Creating a strong foundation in personal cyber security practices in a way that engages students is the best way to ensure that they retain the information they need to keep themselves safe in the digital world. As kids return to school across the country they’re given access to laptops, tablets, smartphones, and educational apps that all communicate back to the schools central network. This access to internet ready devices is what makes remote learning possible, but it also creates millions of potential points of entry for cyber criminals to exploit. That’s why it is so important to include cyber security as a core part of any modern school curriculum from a young age.  

Protecting students of all ages, as well of the institutions they attend, from extortion and identity theft due to ransomware attacks is a key component to defending against cyber crime in general. Ransomware is becoming less difficult for criminals to employ as the skill to write the software has become unnecessary. The easiest targets are unsuspecting internet users, especially those who use devices connected to a large institution’s network. With a little bit of effort from us as parents and educators, we can teach students about the risks of digital life, and help ensure that the next generation doesn’t fall victim to the opportunistic criminals who would exploit them for profit.