The Rise in Public Ransomware Attacks

From attacks on school districts to government organizations, bad actors are increasingly using ransomware to attack the public sector.

Public ransomware attacks have been on the rise for years. Even before the COVID-19 pandemic began, we were seeing major attacks on everything from individual school and healthcare systems to entire cities. In recent years, ransomware attacks have only increased in popularity among cybercriminals, with public institutions proving to be particularly appealing targets. In the face of these increasing attacks, it’s a good time to take a closer look at what exactly a public ransomware attack looks like, some of the most recent high-profile examples, and what we can learn from these attacks.


How Does Ransomware Work?

Ransomware attacks begin with a bad actor gaining unauthorized access to a computer on a network or to the network as a whole. This often happens through a phishing attack or another form of social engineering attack that tricks a user into unintentionally installing malicious software on their device. Once installed, the ransomware scans the computer’s entire local hard drive and encrypts each file on it, locking the user out of the system and preventing them from accessing those files. The files are then held as ransom, with hackers threatening to fully erase or release the sensitive information they contain if they aren’t paid an exorbitant fee before a certain deadline.

While one computer being targeted is bad enough, if the attack is stopped quickly or you have adequate protections in place, it doesn’t have to be a disastrous incident. Unfortunately, ransomware can often remain hidden for days, weeks, or even months before the formal attack is initiated. During that time, the cybercriminals can move through the network and connected systems from that initial device, accessing more data and even targeting backups to ensure the attack is as thorough as possible, all before you even realize your systems have been compromised.
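As an added illustration (not part of the original article), one defender-side way to notice the bulk file encryption described above is to measure byte entropy, because encrypted content looks like random data while documents do not. The thresholds, file names, and sample contents below are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
ALERT_FRACTION = 0.5     # assumed: alert when over half the files look encrypted

def shannon_entropy(data):
    """Bits of entropy per byte: low for plain text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(data):
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def scan(files):
    """Take {name: bytes}; return flagged names and whether their share triggers an alert."""
    flagged = sorted(name for name, data in files.items() if looks_encrypted(data))
    fraction = len(flagged) / len(files) if files else 0.0
    return {"flagged": flagged, "fraction": fraction, "alert": fraction > ALERT_FRACTION}

def pseudo_ciphertext(seed, size=4096):
    """Constructed stand-in for encrypted content: a deterministic SHA-256 counter stream."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:size]

# Constructed sample: the same file share before and after two files were encrypted in place.
BEFORE = {
    "grades.csv": b"student,course,grade\n" + b"1001,math,A\n1002,math,B\n" * 150,
    "memo.txt": b"Staff meeting moved to Thursday at 3 pm in the library. " * 70,
    "roster.txt": b"Homeroom 12: Alvarez, Chen, Dubois, Evans, Fitzgerald\n" * 70,
}
AFTER = {
    "grades.csv": pseudo_ciphertext("grades"),
    "memo.txt": pseudo_ciphertext("memo"),
    "roster.txt": BEFORE["roster.txt"],
}

if __name__ == "__main__":
    print(scan(BEFORE))
    print(scan(AFTER))
```

Compressed formats such as ZIP archives and JPEG images also score near 8 bits per byte, so a check like this works best when it compares against a known baseline of the same files rather than judging each file in isolation.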


Recent Public Ransomware Attacks

The last few months have seen a lot of public ransomware attacks. The most high-profile incident was the attack on the Los Angeles Unified School District over Labor Day weekend, right before students returned to the classroom. While the attack didn’t cancel classes, it did lead to significant disruption in one of the nation’s largest school districts. When the district didn’t pay the exorbitant ransom, saying ransom “never guarantees the full recovery of data” and that “public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate,” the cybercriminals released the stolen data.

Although this incident was the year’s most high-profile ransomware attack on a school district, it was far from the first. In fact, a tally found that it was the 50th attack this year on the education sector alone. Other incidents include a January attack in Albuquerque, New Mexico that forced the public school system, comprising over 140 public schools, to close for two days, and an attack on a software provider that affected the websites of 5,000 schools that used the software.

And schools aren’t the only victims of public sector ransomware attacks. Just a few weeks ago, New Jersey leaders reported a major uptick in ransomware attacks across the public sector, including attacks targeting large enterprises, small- and medium-sized businesses, and even private citizens. While the distribution methods for the ransomware consisted of fairly common approaches including malicious ads, infected email attachments, and torrent websites, many victims reported not knowing what the point of entry was, indicating a continuing lack of knowledge about ransomware and other malicious software.


What We Can Learn from These Attacks

Every ransomware attack, whether it’s a high-profile public sector attack or not, presents a lot of useful information and important cybersecurity reminders for everyone from massive enterprises to individuals. It’s essential that you heed these reminders to protect yourself and your organization against future attacks. Lessons to take away from the recent attacks include:

  • Making sure to completely back up your systems regularly. That way even if you get locked out of your files and all your data is encrypted, you will still have the information stored and available for you to restore.
  • Creating a disaster recovery plan that includes ransomware and other similar attacks.
  • Educating all employees on how to identify suspicious emails and potential phishing or smishing attacks.
  • Ensuring all firewalls are both enabled and properly configured.
  • Closing and monitoring all unused ports.
  • Requiring multi-factor authentication (MFA) for every user account, particularly those with heightened privileges.

Most important of all, you should get a professional assessment of your current network security by cybersecurity experts to identify areas of weakness and then implement whatever upgrades and adjustments they recommend.

As far as schools in particular are concerned, there is hopefully some good news on the horizon. While school administrators should all be sure to implement the steps outlined above, they may soon get some help doing that. The LA Unified School District is joining technology and education leaders in calling on the Federal Communications Commission (FCC) to “immediately authorize” the use of E-rate funds to improve schools’ IT security infrastructure. These funds, which are designed to help schools and libraries across the country increase their digital connectivity, cover a wide variety of IT purchases, but they do not, as of yet, include many cybersecurity investments. If the FCC approves this measure, schools nationwide will be able to make cybersecurity improvements that protect both students and staff without digging as far into their own budgets.


Protect Yourself From Cybercriminals with TTI

Whether you’re running a school, an SMB, or an enterprise, it’s critical that cybersecurity always remain a top priority. When planning any kind of cyber attack, including a ransomware attack, bad actors tend to look for the easiest targets. The best way to keep yourself from falling victim to them is to ensure you aren’t an easy target in the first place.

Of course, that’s easier said than done and keeping up with the latest in cybersecurity is a challenge, especially when you also need to run a school or business. At Turn-key Technologies, Inc. (TTI) we can take that challenge off your plate. We’ll assess your current cybersecurity infrastructure, identify areas for improvement, and ensure you get the right cybersecurity measures in place to protect you and your data. With 30 years of professional experience designing, installing, and securing networks against cybersecurity threats, TTI is the perfect partner to keep you protected.

Contact us today to learn more!

By Robert Elgart

