News Insights: S. Rept. 116-27 – DHS CYBER HUNT AND INCIDENT RESPONSE TEAMS ACT OF 2019

News Insights:

Brian Vecci, Field CTO at data protection and analytics pioneer Varonis,

“Schools, like municipalities, hospitals, and all kinds of organizations large and small, are getting crushed by ransomware. Ransomware is a well-known, well understood cyber threat, but it’s a bigger problem than ever, and municipalities and schools are often easy targets. This kind of attack targets files and can make a single workstation, a file server, or even an entire enterprise unusable to the point that an organization, like these schools, has to almost completely shut down. Ransomware can get into a network through relatively common means, like spearphishing, where attackers will craft legitimate-looking emails that once opened will launch the attack. Once inside, the attacks will target, either automatically or with guidance from the attacker, exposed files on workstations and shared file servers, and lock them down until a ransom is paid.

So why are attackers targeting schools? It’s likely because they’re less equipped to defend themselves. While the basics of ransomware are relatively straightforward, protecting against it—detecting it quickly enough to make a difference and preventing the damage from being widespread—isn’t necessarily very easy. Traditionally, organizations have tried to lock down the perimeters—think firewalls and devices. The problem with ransomware, especially the more sophisticated variants we see today, is that attackers can easily bypass these perimeters. Once inside the network, the data itself is often left wide open and unmonitored, so attackers can lock everything down without being detected. The most sophisticated ransomware attacks these days involve attackers silently moving around the network looking for data that’s exposed and critical before launching the attack, making it highly likely that the target will have to pay.

Ransomware attackers are in the business of getting paid, so they’re targeting the organizations that have the weakest defenses. Schools and other underfunded organizations are often behind when it comes to the tools and training needed to combat modern threats, and are the most likely to pay quickly. A school can’t stay closed forever, and if the only option is to pay the ransom, they will. We’ll continue to see attackers exploit these factors until more modern security practices—least privilege access with monitoring and analytics on data—are more common.”