Over the past several years, the education sector has been a frequent target of ransomware attacks, or the hijacking of sensitive data by hackers for extortion. For instance, the Los Angeles Unified School District suffered a ransomware attack over Labor Day weekend that took down IT systems, including tracking software, email and data storage. The district was still able to start the 2022-2023 school year on Sept. 6 as planned.
In response to the increase in attacks, which have resulted in restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal student and staff information, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) to help districts take mitigation steps.
The CSA “#StopRansomware: Vice Society,” published on Sept. 8, states that the FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022-2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks.
“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cybercriminals can still put school districts with robust cybersecurity programs at risk,” the CSA states. “K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.”
Related: FBI Warns Transportation Agencies About Ransomware Attacks
Related: Beware of the Security of Things in School Transportation Technology
Related: Technology Lessons Learned From Chowchilla
Related: Illegal Passings of Stopped School Buses at ‘Epidemic Level’
First, school districts should establish and maintain strong liaison relationships with the FBI and CISA Cybersecurity Advisor in their regions. The CSA then breaks down the techniques to reduce the risk of being compromised. These consist of: Preparing for Cyber Incidents, Identifying and Accessing Management, Protecting Controls and Architecture, and Vulnerability and Configuration Management.
The CSA is reportedly part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail ransomware variants and threat actors. Advisories include recently and historically observed tactics, techniques, and procedures and indicators of compromise to help organizations protect against ransomware.
CISA officials also addressed the security of student transportation data as well as facilities at the STN EXPO in Indianapolis and Reno, Nevada, over the summer.