Bill Conner: Ransomware Actively Targeting K-12 Districts, Municipalities


Bill Conner has always had ransomware in his crosshairs. And despite the dangerous malware somewhat fading from media interest in 2018, he knew better.

And for good reason.

First, ransomware is too effective and easy for cybercriminals to extort payment from victims and doesn’t require risky data exfiltration and subsequent Dark Web sales. Second, cybercriminals are sophisticated enough to pivot their tactics by either creating new malware variants or by finding new and easier targets.

As Conner outlines in his latest article for Forbes, “Back-To-School Lists Should Now Include Ransomware,” the summer of 2019 had both. The season featured a handful of new ransomware variants, but the big news was the targeting of both K-12 school districts and state and city municipalities.

“It’s a deliberate and strategic shift from hospitals and other soft targets to K-12 districts and schools, where security controls and technology resources aren’t as always as robust despite housing some of the most sensitive and private data,” Conner wrote for Forbes.

The summer of 2019 also witnessed one of the most tactical and widespread ransomware attacks against a single state. In August 2019, the Texas Department of Information Resources (DIR) announced that 20-plus state agencies have been infected by ransomware. According to ZDnet, the “infection is blamed on strain of ransomware known only as the .JSE ransomware.”

In fact, the last 12 months have seen ransomware attacks bring city services to a halt, including those in Arizona, Florida, Georgia, Indiana, Maryland, Nevada, New York and more.

Ransomware protection requires layered, persistent protection

It’s an old cliché, but it’s true: cybersecurity is never finished. The same goes for malware and ransomware protection, which should be an evolving and ongoing practice.

“Regardless of industry, it’s important that C-level executives continue to be proactive in promoting cybersecurity investments as ransomware and the plethora of other kinds of cyberattacks continue to evolve in sophistication and volume,” Conner wrote.

The best approach is a layered security strategy that identifies and mitigates ransomware attacks across a number of vectors. One such approach is pairing a next-generation firewall with a multi-engine, cloud-based sandbox, such as the Capture Advanced Threat Protection (ATP) sandbox.


Cost-effective for K-12 districts as well as state and local governments, Capture ATP stops unknown, zero-day attacks, including ‘never-before-seen’ ransomware, at the gateway with automated remediation. Capture ATP analyzes suspicious code to help discover and block newly developed malware and ransomware from entering your network — all in real time.

SonicWall Staff