School Business Affairs June 2019

38 JUNE 2019 | SCHOOL BUSINESS AFFAIRS asbointl.org management briefcase Think your district is safe from cyberattacks? The threat is real and it can be very expensive. Ransomware: Holding Data Hostage By Nan Wodarz, Ed.D. I magine learning that all your district’s computers and data have been hijacked and are being held for ransom. If you don’t pay the hackers, they will release personnel records, student information, and other classified data into the public domain. Think it could never happen to your dis- trict? Think again. The K–12 Cybersecurity Resource Center cataloged 122 publicly disclosed cybersecurity incidents affecting 119 public K–12 education agencies across 38 states in 2018, several of which involved hackers demanding money. (An interac- tive map is provided at https://k12cyber- secure.com .) Who is responsible for these breaches? The Federal Bureau of Investigation issued an alert in January 2018, reporting that “a loosely affiliated group of highly trained hackers calling themselves The Dark Overlord (TDO)” has conducted extor- tion schemes using remote access tools to breach school district networks and steal sensitive data. According to the FBI alert, between April 2016 and January 2018, “TDO was responsible for at least 69 intrusions into schools and other businesses, the attempted sale of over 100 million records containing personally identifiable information (PII), and the release of over 200,000 records including the PII of over 7,000 students due to nonpayment of ransoms” (https://info. publicintelligence.net/FBI-CyberCriminals Schools.pdf). What Is Ransomware? Ransomware is malicious software that blocks access to files or systems using encryption until the victim pays a ransom in exchange for a decryption key to unlock the files. Although ransomware is decades old, the sophistication of software has advanced significantly, allowing it to spread, evade detection, and encrypt files in increasingly complex ways. An infection often begins with an author­ ized user clicking on what appears to be an innocent email attachment. That action trig- gers an executable file that takes control of the system and accesses servers that house sensitive information, such as students’ names, addresses, Social Security numbers, birth dates, and academic performance, as well as medical and discipline records. In some cases, the hackers release data to the public in an escalating series of demands and actions until the organization pays the ransom. Ransom is often demanded in Bitcoin, a form of electronic cash or digi- tal currency. Although ransomware is decades old, the sophistication of software has advanced significantly, allowing it to spread, evade detection, and encrypt files in increasingly complex ways. These cybercriminals are successful for several reasons: (1) the speed at which they can develop this malicious software, (2) the lack of organizational information technol- ogy support that focuses on cybersecurity, and (3) the manner in which organizations back up their data. And it’s an easy way for criminals to make money. Cybercriminals collected in excess of $5 billion in 2017—up from $325 million in 2015, according to Cybersecurity Ventures. KAPTN/STOCK.ADOBE.COM

RkJQdWJsaXNoZXIy NTMyNTY4