Designing Protection Against Ransomware and Cyber Attacks

By Richard Luna

As a person who has dedicated his life to technology, I can tell you with the utmost certainty that every school and educational environment can be modified to be protected from both cyber and ransomware attacks.

Every time there’s a new report of another school being attacked by hackers leaving the business office or classes down, I just want to bang my head against the wall. Schools are targets for cyber-criminals because the data they possess is deemed very valuable, like social security numbers and birth dates of their students and staff. Criminals encrypt the stolen data through a ransomware attack where they can extort payment, or they can sell the data itself to generate another payment for themselves. Some school districts have tried moving to the “cloud” or using “web apps,” not realizing that the cloud is nothing more than a shared computer in someone’s office and that the data is just as exposed as it was when previously stored in the school. Actually, it’s even more exposed because these “web apps” eventually become attack targets themselves. What’s worse, sometimes schools are too ill-equipped to evaluate the safety and security procedures of the web app vendors they use.

Below are a few references for you to peruse regarding the constant cyber attacks within schools:

What is the solution?

So, do all paths lead to infection and data loss? No. Protected Harbor has been protecting schools from ransomware and other cyber-attacks for years. We protect our clients’ schools by designing protection into their system. For business offices, we convert all office PCs into terminals and build out protected hosted servers that require multi-factor authentication to access. The backups are then air-gapped from the client, resulting in backups that are isolated and protected. To understand how this all works, let’s start with the basics of what a cyber attack is.

What is unique about schools?

Schools are targets of both ransomware and other cyber attacks because their employees are easy targets for phishing schemes. Another reason is that educational IT budgets are typically underfunded.

Education employees are service-oriented employees – they want to help. They will respond if they receive an email with an attachment and the subject line reads, “my son is ill today,” or “when is parents’ day?” Most teachers are used to clicking on these types of emails, even from people they do not directly know; however, once they click on any email with an attachment, they are initiating an attack.

Why are schools targets?

There are several reasons:

Vulnerable Technology Infrastructure: Schools often have a large number of devices and systems that are connected to the Internet, such as computers, servers, and databases. These systems may be outdated, unsupported, or poorly configured, making them vulnerable to cyber attacks. Additionally, many schools rely on third-party vendors for their technology needs, and these vendors may not have adequate security measures in place.

Potential for Large Payoffs: Ransomware attacks on schools can be lucrative for cyber criminals. Schools often have a large amount of sensitive data that can be held for ransom, and the potential payouts can be significant. Hackers may also target schools in affluent areas or those with high enrollment, as these schools may have more resources available to pay the ransom.


Limited IT Resources: Schools often have limited budgets for IT and cyber security measures, which can make it difficult for them to keep their systems up-to-date and secure. This can leave them vulnerable to cyber attacks, as they may not have the necessary resources to implement strong security measures or respond to threats effectively.

Low Cyber Security Awareness: Some schools may not have a culture of cyber security awareness. This results in staff and students not being trained on how to recognize and respond to cyber threats. This can make it easier for hackers to exploit any vulnerabilities and gain access to school systems.

Impact on Operations: Ransomware attacks can disrupt school operations, leading to canceled classes, delayed exams, and disrupted learning. This can cause significant stress for students, teachers, and parents. It can also have a long-term impact on the reputation of the school.

The steps in a cyber attack

Cyber attacks don’t just spontaneously occur. They are typically a series of actions, and each action that goes on gathers more and more information about the school system and its vulnerabilities. The attacker then continues to figure out where the weaknesses are in the school’s computer systems, their employees, or their network.

Let’s look at some of the attacker’s steps:

Scanning: The attacker looks for any vulnerabilities or weaknesses in the target’s computer systems and network.

Initial Access: The attacker finds a way to get into the target’s computer systems, usually by tricking someone or finding a weakness within the system.

Escalation of Privileges: The attacker tries to gain higher levels of access to the target’s computer systems or network by finding more weaknesses.

Lateral Movement: Once inside the target’s network, the attacker moves around to other parts of the network to try to get into more systems or to spread harmful software.

Data Exfiltration: The attacker steals valuable information from the target’s computer systems.

Command and Control: The attacker sets up a way to keep accessing the target’s computer systems even after the attack is discovered.

Covering Tracks: The attacker tries to hide their tracks by deleting any evidence that they were ever there.

It’s important to note that not all cyber attacks follow these exact steps, and some attacks may combine certain steps or skip some steps altogether. Additionally, some attacks may even involve multiple attackers working together to achieve their goals.

How are schools cyber attacked?
There are a number of ways schools can be attacked; there is not just one entry point or one way to attack a system.

Some of the traditional attacks we see are:

Ransomware: Hackers may use a type of malicious software called ransomware to encrypt files on a school’s computer system, demanding payment in exchange for the decryption key. This can lead to the loss of important data and disruption of school activities.

Phishing: Hackers may try to trick school staff or students into giving them sensitive information like login credentials or downloading malware by posing as a trusted entity such as a teacher or school.

Distributed Denial of Service (DDoS) Attacks: Hackers can use a technique called Distributed Denial of Service (DDoS) to overload a school’s website or server with traffic, making it inaccessible and disrupting access to online resources.

Malware: Hackers may use malicious software to damage or disrupt a school’s computer systems, potentially leading to the loss of data or unauthorized access to school systems.

Password Attacks: Hackers may try to guess or crack passwords to gain access to a school’s computer systems, especially if staff or students use weak passwords or reuse passwords across multiple accounts.


If the school has Wi-Fi, and most do, then the following attacks can also occur:

Man-in-the-Middle (MITM) Attacks: A hacker can intercept communication between devices on a Wi-Fi network and steal sensitive data such as login credentials or credit card information.

Rogue Access Points: A hacker can set up a rogue access point that mimics a legitimate Wi-Fi network, tricking users into connecting to the rogue network and stealing their data.

Packet Sniffing: A hacker can capture packets of data transmitted over a Wi-Fi network, allowing them to view sensitive information such as login credentials or credit card numbers.

Denial of Service (DoS) Attacks: A hacker can flood a school’s Wi-Fi network with traffic, causing it to crash and preventing users from accessing the network.

How Protected Harbor avoids attacks

We avoid attacks through better design. We take security and cyber attacks into account while preserving the look and feel of your existing system, resulting in minimal training and downtime while working in your new, secure, cloud-based environment.

One example of a new protection we add is multi-factor authentication, better known as MFA. MFA is required to access your new system. When a business officer or board secretary logs into your system, they are first asked for an ID and password and then before they see any data, they are asked for a code. The code can be received via a mobile phone, phone call, or email.

Even if the attacker has stolen the ID and password, and that ID and password are valid, without the code they cannot access your system.

Another security measure we add is Geo-Blocking. If a user is attempting to access the system outside the United States without alerting us beforehand, their connections are blocked.
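
The two checks described above, shown as an added example that is not Protected Harbor's code: a login gate that applies the geo-block first, then the password, then a one-time code delivered out of band. The class name, the 5-minute code lifetime, the three-guess limit and the travel-notice table are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ALLOWED_COUNTRIES = {"US"}  # assumption: geo-block policy as the page describes it
CODE_TTL = 300              # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 3            # assumption: guesses allowed per issued code


class LoginGate:
    """Hypothetical gate: geo check, then password, then one-time code."""

    def __init__(self, password_ok, travel_notices=None, clock=time.time):
        self.password_ok = password_ok      # callable(user, password) -> bool
        self.travel = travel_notices or {}  # user -> countries announced beforehand
        self.clock = clock
        self.pending = {}                   # user -> [code_digest, expires_at, attempts_left]

    def start(self, user, password, country):
        """Step 1. Returns the code to deliver out of band, or None if refused."""
        if country not in ALLOWED_COUNTRIES | self.travel.get(user, set()):
            return None                     # blocked before any credential is tested
        if not self.password_ok(user, password):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # drawn from the OS CSPRNG
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[user] = [digest, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        return code                         # caller sends it by SMS, call or email

    def finish(self, user, code):
        """Step 2. True only for a fresh, unused, correct code."""
        entry = self.pending.get(user)
        if entry is None:
            return False                    # password step was never passed
        digest, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[user]          # expired or guessed too often
            return False
        entry[2] -= 1
        supplied = hashlib.sha256(str(code).encode()).digest()
        if hmac.compare_digest(digest, supplied):  # constant-time comparison
            del self.pending[user]          # single use
            return True
        return False
```

A stolen but valid ID and password get an attacker only as far as `start`; `finish` still fails without the delivered code, and the code stops working once it is used, expires, or is guessed wrong three times.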

Once at a desktop, the school employee will be able to see the same school desktop they see today, icon by icon, file by file. Same desktop but better protected.

Another security measure is that your new system is running in a private cloud, eliminating the need to purchase on-premise servers and reducing hardware costs the school currently pays.

When we redesign your system, we also add remote access, air-gapped isolated backups, 24-hour support, and monitoring. This means, without any additional costs, your new system includes backups and remote access, allowing employees to work from anywhere in a secured remote environment.

If any employee were to have a question, they can call and speak to one of our specialists 24 hours a day – not a subcontractor, a dedicated employee who knows your new system and is ready to help no matter the task.

Our service is all inclusive. Included in the monthly cost is Data Hosting, Data Migration, 24-hour unlimited support, operating updates and maintenance, remote access, multi-factor authentication, and much more.


About the author

Richard Luna, founder and CEO of Protected Harbor, has more than 25 years of technology leadership and infrastructure expertise. Known as a top voice in optimizing business information technology and cybersecurity, Richard has a passion for helping cultivate growth and durability for companies through IT, providing resources, knowledge, and empowering them to harness technology for growth. Richard is also the founder of Netmagic and former IT director of U.S. News & World Report.