Cybercriminals Going after K-12? Yep, It’s a Thing.

Louisiana Governor John Bel Edwards has issued a state of emergency due to a malware attack against several local schools in the Sabine, Morehouse, and Ouachita Parishes, in northern Louisiana. This is the first activation of Louisiana’s emergency support function relating to cybersecurity in the state’s history, giving the state access to some much-needed assistance from public bodies. Officials believe it is critical to respond to the ransomware attacks in a coordinated manner, which is supported by Gov. Edwards’ declaration. The state of emergency declaration authorizes Louisiana agencies, boards, commissions and officers to cooperate with actions the state takes in response to the malware attack. It also makes available state resources to Louisiana’s cybersecurity experts in an effort to assist local governments in securing their network systems, preventing future data loss.

There’s no word so far on which ransomware variant has hit the school districts or what the exact extent of damages is, but Eddie Jones, principal of Florien High School (a school in one of the three affected districts) released a statement to a local news station stating that there was unusually high bandwidth usage beginning around 4am on Sunday; Shortly afterward, investigators discovered ransomware on the school servers.

This ransomware attack is the latest escalation of a problem that has plagued Atlanta, Baltimore, San Diego, several cities in Florida, and others across the country over the last year. Cybercriminals have increasingly targeted state and local governments with ransomware tools – which infect an organization’s computer networks and lock up critical files in exchange for a ransom payment.

The declaration by the state Governor, who, two years ago created the Louisiana Cybersecurity Commission to access cyber threats, stands in marked contrast to a lack of action from other US cities and towns. “This is exactly why we established the Cyber Security Commission” Edwards stated in an interview earlier in the week, “focused on preparing for, responding to and preventing cybersecurity attacks, and we are well-positioned to assist local governments as they battle this current threat.”

Until recently, cyberattacks were limited to Colleges and Universities, but in the last year, the number of threat actors targeting K-12 schools has rapidly increased, so much so that the Department of Education issued an official warning to school districts about ransomware attacks.

Unlike private sector companies hit with ransomware, states and municipalities cannot handle their financial transactions privately as they are often forced to make their payments public. The publicity around the attacks often forces these agencies to quickly pay the attackers in order to get back online, restore sensitive data, and ultimately keep their residents happy. Unfortunately, this promise of a quick payout incites a new and painful cycle that shows no signs of slowing down.

School districts across the country should take note and invest the time and resources to ensure they have the proper cybersecurity protocols and infrastructure in place. Service providers like Managed Detection and Response (MDR) firms are an ideal way to implement the right level of protection, but without the headaches of hiring and implementing hardware and software internally, something for which so many school districts lack the appropriate resources. In any case, they need to do something and fast. K-12 may not seem like the first choice of target for a cyberattack, but they are proving far easier to infiltrate, and very profitable for the hackers.

by Callie Guenther | CYBERSOC Data Scientist, CRITICALSTART
August 2, 2019