Are ransomware attacks making America great again?
Information security specialists say that there are an increasing number of incidents of cyberattacks in schools or government institutions in the U.S. Just yesterday, a cybersecurity emergency declaration was released in the state of Louisiana, after the governor reported that a variant of malware had infected the computer systems of multiple academic institutions.
Now, Alabama authorities have reported a cybersecurity
incident that has compromised systems for an as yet undetermined number of
schools in the Middletown school district.
Michael Conner, school superintendent,
mentioned that this is a ransomware infection, adding that authorities have not
paid any ransom to hackers. âWe are collaborating with information
security specialists to determine how hackers entered our systems; we will also
implement a recovery process as soon as possibleâ. Two of Middletownâs six
computer systems are operating with multiple limitations.
On the other hand, Mayor Daniel Drew said local
government systems operate normally; however, the countyâs IT staff is working
to monitor, detect, and prevent potential attacks. âWe are working really
hard to prevent any new incident. The fiscal year is about to end and we cannot
allow our activities to be crippled by a computer virus,â the Mayor added.
Among the most recent ransomware
victims in the U.S. are:
- Alabama
School Districts - Oklahoma
City public schools - Montebello
Unified School District, California - Sugar-Salem
School District, Idaho - Connecticut
School Districts - Schools
and government offices in Florida - Ohio
schools - Louisiana
School Districts - Schools
in Syracuse and the Onondaga County Library, New York
Ransomware attack incidents keep affecting
government institutions, businesses and individuals across the country.
Information security specialists claim that these infections commonly start
with a phishing attack. âPretending to be an Education Department official, a
threat actor could trick members of schoolsâ administrative staff into
delivering contact information, primarily emailsâ, mentioned the experts.
The attackers then send school staff emails
with attachments waiting for the victim to download them to their devices. Once
the victims open these files, it releases a virus that blocks access to all
files on a system, demanding up to $10k USD to restore the access.
Information security specialists from the
International Institute of Cyber Security (IICS) have detected some of the most
common variants among recently detected infection cases. Although harmful capabilities
and infection methods may vary, all of these malware aim to the same goal: to
get a ransom.
The five types of ransomware most used in
school attacks in the U.S. are:
- Cryptomalware: This is a fairly common form of
ransomware and can cause great damage. One of the best-known examples is the
WannaCry variant, which in 2017 was used to attack thousands of targets
worldwide; reaching the networks of some of the worldâs largest corporations - Locker:
This type of ransomware is known for infecting an operating system to completely
block the victim from their computer, disabling access to any file or
application - Scareware: This is fake software that acts like
an antivirus or cleaning tool. Once installed, the scareware shows the victim a
message that claims to have encountered a problem on their computer and demands
a payment for its solution. Some types of scareware may even lock a computer,
while others may spam supposed security messages on the userâs screen - Doxware: Also known as leakware, this ransomware
variant threatens victims with posting online private information if the ransom
is not paid. People store hundreds, even thousands of sensitive files on their
devices (photos, login credentials, bank details, etc.), so they are highly likely
to panic and give their money away to attackers if they find messages of this
kind - Ransomware as a Service (RaaS): This is a service hosted online by
malicious actors that anyone can hire to deploy ransomware campaigns against a
particular target. When hired, hackers take care of everything they need to
achieve the infection, from malware distribution and ransom transfers, to
delivering the decryption keys
Protect your school
Although it is a basic security measure, it is
worth reminding system administrators that all computers in a school must be
protected with reliable antivirus tools with the latest updates installed.
Other tools, such as email filters, help block most emails from malicious
content. However, remember that these measures will not fully protect you, so
they must be combined with appropriated information security policies and
administrative staff awareness.
If case youâre not
100% sure:
- Donât
open any attachments or click on any links, and never forward or respond to a
suspicious message - Check
the authenticity of the email with your colleagues to see if someone else
received the same message - If
you do not have absolute certainty about the veracity or provenance of an
email, you can contact the International Institute of Cyber Security (IICS) via
e-mail info@iicybersecurity; by sending a screenshot of the suspicious
email, highly trained staff in handling cybersecurity incidents will advise you
what steps to take
(Visited 4 1 times)
Gloss