Alabama schools are the target after Louisiana, Oklahoma, California, Ohio, Idaho, NY. Is ransomware making America great again?

Information security specialists say that the number of cyberattacks against schools and government institutions in the U.S. keeps growing. Just yesterday, a cybersecurity emergency declaration was released in the state of Louisiana, after the governor reported that a variant of malware had infected the computer systems of multiple academic institutions.

Now, Alabama authorities have reported a cybersecurity incident that has compromised systems for an as yet undetermined number of schools in the Middletown school district.

Michael Conner, school superintendent, mentioned that this is a ransomware infection, adding that authorities have not paid any ransom to hackers. “We are collaborating with information security specialists to determine how hackers entered our systems; we will also implement a recovery process as soon as possible”. Two of Middletown’s six computer systems are operating with multiple limitations.

On the other hand, Mayor Daniel Drew said local government systems operate normally; however, the county’s IT staff is working to monitor, detect, and prevent potential attacks. “We are working really hard to prevent any new incident. The fiscal year is about to end and we cannot allow our activities to be crippled by a computer virus,” the Mayor added.

Among the most recent ransomware victims in the U.S. are:

  • Alabama School Districts
  • Oklahoma City public schools
  • Montebello Unified School District, California
  • Sugar-Salem School District, Idaho
  • Connecticut School Districts
  • Schools and government offices in Florida
  • Ohio schools
  • Louisiana School Districts
  • Schools in Syracuse and the Onondaga County Library, New York

Ransomware attack incidents keep affecting government institutions, businesses and individuals across the country. Information security specialists claim that these infections commonly start with a phishing attack. “Pretending to be an Education Department official, a threat actor could trick members of schools’ administrative staff into delivering contact information, primarily emails”, mentioned the experts.

The attackers then send school staff emails with attachments and wait for the victims to download them to their devices. Once a victim opens the file, it drops malware that blocks access to every file on the system and demands up to $10k USD to restore access.

Information security specialists from the International Institute of Cyber Security (IICS) have identified the most common variants among recently detected infection cases. Although harmful capabilities and infection methods vary, all of these malware families share the same goal: extorting a ransom.

The five types of ransomware most used in school attacks in the U.S. are:

  • Cryptomalware: This is a fairly common form of ransomware and can cause great damage. One of the best-known examples is the WannaCry variant, which in 2017 was used to attack thousands of targets worldwide, reaching the networks of some of the world’s largest corporations
  • Locker: This type of ransomware is known for infecting an operating system to completely block the victim from their computer, disabling access to any file or application
  • Scareware: This is fake software that acts like an antivirus or cleaning tool. Once installed, the scareware shows the victim a message that claims to have encountered a problem on their computer and demands a payment for its solution. Some types of scareware may even lock a computer, while others may spam supposed security messages on the user’s screen
  • Doxware: Also known as leakware, this ransomware variant threatens victims with posting online private information if the ransom is not paid. People store hundreds, even thousands of sensitive files on their devices (photos, login credentials, bank details, etc.), so they are highly likely to panic and give their money away to attackers if they find messages of this kind
  • Ransomware as a Service (RaaS): This is a service hosted online by malicious actors that anyone can hire to deploy ransomware campaigns against a particular target. When hired, hackers take care of everything they need to achieve the infection, from malware distribution and ransom transfers, to delivering the decryption keys

Protect your school

Although it is a basic security measure, it is worth reminding system administrators that every computer in a school must be protected with reliable antivirus tools with the latest updates installed. Other tools, such as email filters, help block most emails carrying malicious content. However, remember that these measures will not fully protect you, so they must be combined with appropriate information security policies and administrative staff awareness.
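An added triage check (my own example, not code from the article or from IICS) for the phishing pattern described above: it parses a raw message and flags an authority-claiming display name sent from an untrusted domain, a Reply-To that steers replies elsewhere, and executable or double-extension attachments. The trusted-domain allowlist, the extension list and the sample message are constructed assumptions.

```python
# Added example, not from the article: triage checks for the lure it describes,
# a message posing as an education official that carries an attachment.
# The allowlist, the extension list and the sample message are constructed.
import email
from email import policy
from email.utils import parseaddr

OFFICIAL_WORDS = ("education", "superintendent", "department")  # authority claims in a display name
TRUSTED_DOMAINS = {"ed.gov", "example-schools.k12.ct.us"}       # hypothetical allowlist
RISKY_EXT = {".exe", ".js", ".scr", ".vbs", ".docm", ".xlsm", ".zip", ".iso", ".lnk"}

def triage(raw: bytes) -> list:
    """Return human-readable findings for one raw RFC 822 message; [] means nothing flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # 1. Display name claims an official role, but the sending domain is not one we trust
    if any(w in name.lower() for w in OFFICIAL_WORDS) and domain not in TRUSTED_DOMAINS:
        findings.append(f"'{name}' claims authority but sends from '{domain}'")
    # 2. Replies are steered to a domain other than the sender's
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if "@" in reply and reply.rsplit("@", 1)[-1].lower() != domain:
        findings.append(f"Reply-To points to a different domain: {reply}")
    # 3. Attachment types that can run code, plus double extensions like forms.pdf.exe
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        ext = "." + fname.rsplit(".", 1)[-1] if "." in fname else ""
        if ext in RISKY_EXT or fname.count(".") > 1:
            findings.append(f"risky attachment: {fname}")
    return findings

# Constructed sample resembling the lure described in the article
SAMPLE = b"""From: "State Department of Education" <grants@edu-notices-mail.com>
Reply-To: office@another-domain.net
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please review the attached forms today.
--XX
Content-Type: application/octet-stream; name="grant_forms.pdf.exe"
Content-Disposition: attachment; filename="grant_forms.pdf.exe"

AAAA
--XX--
"""
```

Running `triage(SAMPLE)` yields three findings for the constructed lure, while a plain message from an allowlisted domain with no attachment yields none.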

In case you’re not 100% sure:

  • Don’t open any attachments or click on any links, and never forward or respond to a suspicious message
  • Check the authenticity of the email with your colleagues to see if someone else received the same message
  • If you do not have absolute certainty about the veracity or provenance of an email, you can contact the International Institute of Cyber Security (IICS) via e-mail at info@iicybersecurity; send a screenshot of the suspicious email, and staff highly trained in handling cybersecurity incidents will advise you on what steps to take