As its name suggests, ransomware is a specific type of malware that tries to extract a ransom payment in exchange for unblocking access to an asset that belongs to the victim.
In the case of crypto-ransomware – or cryptors – the ‘kidnapped’ assets are the files and data that are stored on the infected device. The cryptor encrypts the victim’s data into an unreadable form – and the data can only be decrypted by using the necessary decryption key… but that key is only released by the criminal after the victim has paid the ransom demand.
What’s the damage?
Cryptor attacks affect both schools and businesses.
Whereas consumers are typically faced with ransom demands of £300 to £500, cybercriminals fully understand how valuable data can be for a school, so the ransom charges can be much higher.
If one of your devices is infected, the attacker will normally give you 48 to 72 hours to pay the ransom. If you don’t pay within the deadline, the price for decryption is likely to increase. After a second deadline passes and the payment is still not made, it’s likely that the decryption key will be deleted. At that point it may be impossible to recover your files in a readable form.
Even if you do pay the ransom, there’s no guarantee your data will be unencrypted. Some cryptors contain software bugs that may cause them to malfunction – so the decryption process fails. In other cases, the criminal may simply have had no intention of ever enabling decryption. Instead, they just take the victims’ money.
According to a survey conducted by the University of Kent’s Interdisciplinary Research Centre in Cyber Security, in February 2014, over 40% of CryptoLocker victims agreed to pay the ransom.
Which school devices are at risk?
It’s worth remembering that a cryptor can attack a wide range of devices, including:
- Apple Mac computers
- Android tablets and smartphones
- Virtual desktop infrastructure (VDI)
Furthermore, if the device being attacked is also attached to a network drive that enables sharing of school data files, the shared files are also likely to be encrypted by the cryptor, regardless of which operating system the file server is running.
Unfortunately, whatever device is being attacked, administrator rights are not required for most of the malicious actions that cryptors perform.
If your school data is attacked, beware of ‘false remedies’ that may be promoted on the Internet, as these may only add to your problems:
1 - Often, they don’t work – but just take more money from the victim
2 - Some can even download additional malware onto the victim’s network
How do you protect your school from ransomware?
When it comes to dealing with the risk of a cryptor attack, you have two choices:
- Hope you’re not attacked – but with the increasing number of cryptors, that’s not really a viable option!
- Follow some easily applied rules to help keep your data – and your school – safe.
School ICT Security Best Practice
Educate your users
People are often the most vulnerable element in any business. Teach your staff about ICT security basics, including:
- Awareness of phishing and spear-phishing risks
- The security implications of opening any email attachment that looks suspicious – even if, at first sight, it appears to be from a trusted source
Regularly back up data and verify the restorability of your backups
All schools should already have data backup policies. However, it’s essential that you back up your data onto an offline backup subsystem, instead of just copying files to another ‘live’ system on your corporate network. Otherwise, a cryptor will be able to encrypt your backup files.
Establish a ‘back up and disconnect’ policy – so you’re not just copying data onto a permanently connected file server.
Protect all school devices and systems
Because cryptors don’t just attack PCs, you’ll also need to ensure your security software can protect your Apple Mac computers, virtual machines and Android mobile devices.
It’s also worth ensuring you have sufficient protection installed on your email system.
Deploy and maintain security software
As with all malware prevention, your watchword should be ‘update early – and update often’, so you:
- Update all applications and operating systems – to eliminate newly discovered vulnerabilities
- Update the security application and its anti-malware database – to ensure you benefit from the latest protection
Try to select a security solution that includes tools which:
- Manage the use of the Internet – for example, according to job role
- Control access to corporate data – again, according to job or department
- Manage the launch of programs – using Application Control technologies that help you block or permit programs
We can help to secure your school!
One Education is able to provide a wide range of ICT support, advice and practical solutions covering anti-virus, system security and data backup.
For a free consultation on your ICT system, contact us on 0844 967 1113