A Hard Study in Ransomware: Education Being Held Hostage

There’s been a dramatic rise in ransomware attacks on the networks of educational institutions, whether K12 schools and districts or higher education colleges and universities. Academic and administrative services have been locked up, and cumulative ransomware costs are running in the millions.

According to the mid-year update of the 2019 SonicWall Cyber Threat Report, despite overall declines in malware volume, ransomware continues to pay dividends for cybercriminals. All told, global ransomware volume reached 110.9 million for the first half of 2019, a 15% year-to-date increase.

Ransomware targeting schools, colleges more than a trend

Apart from the direct financial damage caused by ransomware attacks (for example, the Rockville Center School District paid $88,000 in ransom), the inability to access computer systems paralyses the academic institution. The cost of the damage only accelerates the longer the university is unable to send emails, record working hours or allocate classrooms and study resources, including university computers and internet access necessary for many learning activities.

Educational institutions that refuse to pay can be incapacitated for extended periods of time — like Walcott County, Connecticut, which suffered a ransomware attack three months ago and was locked out of its affected devices until early September 2019, when the ransom payment was finally approved by the county board. In other cases, districts chose to rebuild infected systems and were similarly delayed.

“It’s a deliberate and strategic shift from hospitals and other soft targets to K12 districts and schools, where security controls and technology resources aren’t always as robust despite housing some of the most sensitive and private data,” SonicWall President and CEO Bill Conner wrote for Forbes. “It’s so common now that discussions about ransomware attacks have moved from the board room to the principal’s office and PTA meetings. But conversations need to turn into action.”

The infamous Emotet malware has also been striking schools, with attackers using spearphishing to infect systems with the malware trojan. As many services are now entirely computerized, this can even affect infrastructure like heating and cooling, cafeteria services and security systems. The K-12 Cyber Incidents map provides a graphic overview of just how widespread the problem is.

As noted by SonicWall technology partner Sentinel One, last September, just when teachers, parents and children across the nation were looking forward to the beginning of the school year, parents in New York’s Orange County received an unwelcome announcement. The superintendent of Monroe-Woodbury school district had been forced to inform them that the school would remain closed as a result of a cyberattack that had disrupted the district’s computer systems.

Monroe-Woodbury is just one of the many schools and educational institutions in the United States and throughout the world whose operations have been disrupted by cybercriminals. Earlier, in the summer, Rockville and Mineola school districts were targeted with Ryuk ransomware. In all, over 500 attacks against U.S. public schools have been reported in 2019 to date.

In addition, many U.S. universities and colleges have suffered from ransomware attacks, information leaks and email hacking in the past year. Universities and academic institutes are being targeted by more sophisticated attackers interested in stealing the intellectual property (IP) and research data that they produce.

Ransomware locked onto schools globally, too

The situation in other parts of the world is just as bad. In Australia, the head of the local intelligence agency was recruited to inform universities about cyber threats and ways of prevention. This was one of the initiatives put in place after an extremely sophisticated threat actor compromised ANU and persisted within the university’s network for months at a time.

In the U.K. in April 2019, penetration testing conducted by JISC, the government agency that provides many computerized services to U.K. academic bodies, tested the defenses of over 50 British universities. The results were unflattering: the pen testers scored a 100% success rate, gaining access to every single system they tested. Defense systems were bypassed in as little as an hour in some cases, with the ethical hackers easily able to gain access to information such as research data, financial systems and staff and student personal information.

Ransomware analysis: common threads

It is no coincidence that universities are among the most attacked. Higher education institutions manage substantial sums of money, store personal information for students and teachers and connect with many external bodies and providers and, of course, parents, who primarily communicate with the school via email. This means that the school has a very large attack surface.

“It is too easy to demand and receive ransom payment without the risks associated with traditional data exfiltration,” Conner said when more than 20 Texas state agencies were affected with ransomware. “Until organizations are serious about ransomware protection, these types of wide-reaching ransomware attacks will, unfortunately, continue. As we’ve witnessed in the past year, ransomware attacks are highly disruptive. Today’s distributed networks can be compromised in minutes. Everyday operations are then held for ransom at high costs.”

Coupled with enticing rewards is the fact that students make for easy victims of phishing scams, too. Students’ lack of experience combined with a tendency to use simple passwords across multiple services makes them prone to credential harvesting and password-spraying attacks. In one incident in September 2019, over 3,000 Kent State student emails were hacked in this way. In addition, the awareness of parents, teachers and faculty regarding cyber risks is often much lower in education than in other sectors.

Ransomware no longer infects a single device but often multiple devices, with the intent to infect the entire network. In an approach first made infamous by the WannaCry attack, ransomware authors now try to leverage vulnerabilities in services like SMB in Windows to spread to other drives. Not all computers are up to date, and this leaves an opportunity to not only infect that device but also to infect others.

Some academic institutions are rich in data and poor in security, which makes them a prime target. They also hold student information, including grades, which is vital to students’ future endeavors, and some jurisdictions must keep this data for up to 100 years.

Institutions that worked to digitize older records without proper backups in place may be at risk of losing this data or having to go back and digitize it again. Educational organizations must continually keep everything backed up, with those backups kept off the network, whether on LTO tape or in the cloud.

Further exacerbating the security situation is that educational establishments typically have limited staff dedicated to security. Unlike banks, schools typically do not have dedicated information security personnel who are engaged in 24/7 protection.

‘You’ve got ransomware’

Most ransomware attacks come unsolicited in email. They come in attachments with subject lines such as:

  • Here is my resume
  • This is an unpaid invoice
  • Here is the invoice for your flight, package, etc. (in hopes people will be shocked into thinking their credit card info was stolen).

Malicious URLs are also used. They will look like real URLs but lead to other places on the dark web. Common subject lines are:

  • Your card has been charged, please review
  • Is this you in this video?
  • Your package has arrived

Ransomware protection: best practices

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) recommends the following precautions to protect users against the threat of ransomware:

  • Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
  • Never click on links or open attachments in unsolicited emails.
  • Back up data on a regular basis. Keep it on a separate device and store it offline.
  • Follow safe practices when browsing the Internet.

CISA also recommends that organizations employ the following best practices:

  • Restrict users’ permissions to install and run software applications and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
  • Use application whitelisting to allow only approved programs to run on a network.
  • Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Configure firewalls to block access to known malicious IP addresses.
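One way to apply the recommendation to filter executable files out of email, shown as an added example (not code from CISA or SonicWall). The function names, the blocked-extension list and the sample messages are constructed assumptions; the check flags attachments by extension, by a hidden double extension, and by executable file signature even when the file has been renamed.

```python
import email
from email import policy
from email.message import EmailMessage

# Sample gateway policy (constructed for this example, not an official CISA list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js",
                      ".vbs", ".ps1", ".hta", ".jar", ".lnk"}
# File signatures that identify executables regardless of the file name.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}


def classify_attachment(filename, payload):
    """Return the reasons an attachment should be quarantined (empty list = allow)."""
    reasons = []
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as "a.exe".
    name = (filename or "").strip().lower().rstrip(". ")
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {ext}")
        # "resume.pdf.exe": a document-looking name that hides the real extension.
        if "." in name[:dot]:
            reasons.append("double extension")
    for magic, kind in EXECUTABLE_MAGIC.items():
        if payload.startswith(magic):
            reasons.append(f"{kind} content")
    return reasons


def scan_message(raw_bytes):
    """Parse a raw message and map each flagged attachment name to its reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(part.get_filename(), payload)
        if reasons:
            findings[part.get_filename()] = reasons
    return findings


def build_sample(filename, payload, subject):
    """Build a constructed test message; addresses use reserved example domains."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.com"
    msg["To"] = "office@school.example"
    msg["Subject"] = subject
    msg.set_content("Please see the attached file.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("resume.pdf.exe", b"MZ\x90\x00", "Here is my resume"),
        ("invoice.pdf", b"MZ\x90\x00", "This is an unpaid invoice"),  # renamed executable
        ("timetable.pdf", b"%PDF-1.4\n", "Term timetable"),           # benign document
    ]
    for filename, payload, subject in samples:
        result = scan_message(build_sample(filename, payload, subject))
        print(f"{subject!r}: {result or 'deliver'}")
```

Archives and macro-enabled documents are not unpacked here; a production filter would inspect those as well.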

In addition, SonicWall suggests the following best practice steps:

Unfortunately, with differing approaches to responding to ransomware demands being driven by budget and resources, cybercriminals have found education to be a lucrative target for ransomware attacks. While these ransomware attacks are widespread, there are commonalities to consider. It is critical to be prepared by implementing known best practices and the latest ransomware countermeasures.

The E-rate ‘Fear Less’ Solution

The E-rate program is critical for K-12 organizations that lack the funding to procure appropriate technology, such as networking and cyber security solutions (e.g., firewalls, wireless network security, etc.). But understanding the program — as well as confirming your E-rate eligibility — can be daunting.

Episode 3: The E-rate Fear Less Solution

On the third episode of the E-rate Fear Less series, Komplement CEO Holly Davis discusses school eligibility, discount levels and the competitive bidding process.

E-rate discounts are based on the category of service requested, level of poverty, urban/rural status of the population served and the level of participation of students in the National School Lunch Program (NSLP).

  • School districts derive their discount, for purposes of determining their level of poverty, from the total percentage of students eligible for the NSLP in the school district.
  • Libraries derive their discount, for purposes of determining their level of poverty, from the NSLP eligibility percentage of the public-school district in which the main branch of the library is located.
  • Rural discount eligibility is determined at the school district or library system level. If more than 50 percent of the schools in a school district or libraries in a library system are considered rural, the district or system is eligible for the rural discount. Note: Non-instructional facilities (NIFs) are not included in this percentage calculation.

Once eligibility is confirmed, it is very important to understand that the government requires a fair and competitive bidding process. Please contact a SonicWall E-rate expert to help guide your organization through the rules and guidelines of the E-rate process.

E-rate technology discounts with SonicWall

Applicant Steps & Resources

Prep: Before You Begin
Step 1: Competitive Bidding
Step 2: Selecting Service Providers
Step 3: Applying for Discounts
Step 4: Application Review
Step 5: Starting Services
Step 6: Invoicing

Resources provided by USAC

SonicWall network and cyber security solutions meet the needs of school districts at the highest efficacy — all at price points that fit within K12 budgets.

If you are utilizing E-rate funding to assist you in buying your networking and cyber security solutions, SonicWall can help. Our team of E-rate funding experts ensures your SonicWall solution aligns with the rules and regulations of the E-rate program. SonicWall provides services in the following areas:

  • Managed Internal Broadband Services
  • Internal Connections
  • Basic Maintenance for Internal Connections

With the most comprehensive channel program in the industry, combined with additional E-rate discounts, SonicWall and its partners are best positioned to meet the needs of K12 customers and help them take full advantage of the funding E-rate provides for securing their networks.

If you are an eligible K12 organization, please contact your preferred SonicWall reseller for information on E-rate benefits and discounts, or visit the SonicWall E-rate page for information, tools and guidance.

E-rate Episode Video Series for K-12 School Districts

Know the E-rate Terminology

The E-rate program is replete with acronyms, form numbers and other unique nomenclature. Learn the key terms to successfully guide your K12 organization through the E-rate process.

What is E-rate?

To help offset funding and staffing shortages, the U.S. Department of Education and the FCC launched the E-rate program, which helps make telecommunications and information services more affordable for schools, campuses, districts and libraries.

The E-rate program is operated by the Universal Service Administrative Company (USAC), which has a core focus of providing underfunded verticals with access to affordable technology and security services. This includes schools, libraries, rural healthcare organizations and more.

USAC provides a yearly Eligible Services List (ESL), which outlines which types of products and services can be procured via E-rate program discounts.

Exertis and SonicWall Pave the Way for KCSiE Guidance and Safer Internet Day

Note: This is a guest blog by Dominic Ryles, Marketing Manager at Exertis Enterprise, SonicWall’s leading distributor in the United Kingdom. Exertis is committed to providing a range of channel focused services designed to enhance your current technical knowledge and expertise in the areas of IT Security, Unified Communications, Integrated Networks and Specialist Software.

The Internet is forever changing education, opening up a world of opportunities and transforming how students learn. New technologies inspire children and young people to be creative, communicate and learn, but the Internet has a dark side, making them vulnerable with the potential to expose themselves to danger, knowingly or unknowingly.

On the 5th September 2016, the UK Government through the Department for Education (DfE) updated the Keeping Children Safe in Education (KCSiE) guidelines to include a dedicated section for online safety. This means that every school and college will need to consider and review its safeguarding policies and procedures, focusing particularly on how they protect students online. The guidance calls for effective online safeguarding mechanisms with a mandatory requirement for all schools and colleges to have appropriate filtering and monitoring systems in place, striking a balance between safeguarding and ‘overblocking,’ and being conscious not to create unreasonable restrictions on the use of technology as part of the education process.

When we think of ‘inappropriate material’ on the internet we often think of pornographic images, or even access to illegal sites to download movies and music, but due to the widespread access to social media and other available platforms, the Internet has become a darker place since it first opened its doors back in 1969. Physical danger from divulging too much personal information, illegal activity such as identity theft and participation in hate or cult websites can lead to cyber bullying and radicalisation in the modern-day school, thus making children and young people vulnerable.

Earlier this year, Exertis, in conjunction with SonicWall, set out on a mission to raise awareness of KCSiE through a series of online and offline activities to the channel. We first put together our comprehensive ‘Appropriate Web Filtering and Monitoring for Schools and Colleges’ guide, which to date has received an overwhelming response from our partner base. The guide provides our reseller partners with all the information they need to understand the statutory changes, and how the SonicWall and Fastvue security solutions can enable educational establishments to become compliant.

Towards the latter part of 2016, we registered to support Safer Internet Day (SID) 2017, a day dedicated to raising awareness of online safety for children and young people. Already in its sixth year, Safer Internet Day is run by the UK Safer Internet Centre, a combination of three leading UK organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. It will be the first year both companies have supported Safer Internet Day and we have been busy raising awareness in our local community. We approached two schools, St Margaret Ward Catholic Academy and The Co-Operative Academy, and commissioned them to produce a large canvas painting with the topic ‘What does the internet mean to you?’ Students and teachers from both schools will come together to create two canvas paintings depicting the good and the bad of the internet from their perspective. We have given the schools four weeks to complete the art project and will be revisiting both schools on Safer Internet Day, 7th February, to meet with the students and teachers behind the project and provide a talk around e-Safety, and with it, hope to raise awareness of children and young people becoming safe on the Internet.

About Safer Internet Centre.

The UK Safer Internet Centre are a partnership of three leading organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. The partnership was appointed by the European Commission as the Safer Internet Centre for the UK in January 2011 and last year reached 2.8 million children. To find out more, please visit –

About Exertis (UK) Ltd.

Exertis is one of Europe’s largest and fastest growing technology distribution and specialist service providers. We partner with 360 global technology brands and over 28,850 resellers, e-commerce operators and retailers across Europe. Our scale and knowledge, combined with our experience across the technology sector, enable us to continue to innovate and deliver market leading services for our partners. To find out more, please visit our website –

Are Campus Defenses Keeping Up with Attacks from the Cyber Netherworld?

I took a computer science minor when I was in college. Back then, the school computers were in a heavily secured section of one building, and we accessed them from teletype terminals and punch card readers (no, we did not use charcoal on slates by the fireplace in the log cabin!). There was no reason to worry about the security of our computer work, other than needing to stay on the good side of the staff of the computer center so that they wouldn’t reshuffle our punch cards or “misplace” our printouts.

Fast forward more than a few years, when I was doing graduate work at a public university. I took 30 credits online, using recordings of on-campus classes, regular chat sessions with my instructors and fellow students, and accessing research information, including public and professionals-only data sources, through the school’s online library system and its global connections. I didn’t pay too much attention to the security of my online activities; internet connectivity made them possible, but there weren’t nearly the number of bad actors out on the net that there are today.

Today my son is in college, and it’s natural for him to select a mix of online and in-person classes, even though his school is a short drive away. He relies on his school’s IT infrastructure for classwork, exams, registration, and research, and can access these functions as well as find out anything about what is available on the internet, from his laptop or smartphone. And every one of those transactions takes place in a space that is just seething with cyber muggers, burglars, and every variety of malicious actor you can imagine.

Information is the stock in trade of colleges and universities. Information enables students to pursue their degrees, faculty to teach and research, and staff to keep these institutions running. Much of the information has real value in the cyber netherworld, whether it’s personally identifiable information of students, proprietary research conducted with other schools and industry partners, or financial transactions.

Keeping this information secure is a challenge. In a recent Center for Digital Education survey of higher education IT professionals, 72 percent listed data breaches among their greatest current network security concerns. Their top security concerns for the year ahead? Spam, phishing, and malware. What’s standing in the way of better network security? More than four out of five pointed to budget constraints.

Keeping campus networks secure in the face of ever-increasing growth of data, devices used to access that data, and cyber threats requires more effective and more cost-effective security. To learn more about what’s keeping campus IT leaders up at night, and what they’re doing about it, view our on-demand webcast, Network Security in Education: The changing landscape of campus data security.