A Cybersecurity Advisory alert was issued last week after a school system in California was allegedly attacked by a group known as the Vice Society.
According to the alert, the education sector, including school districts and colleges, has been a frequent target of ransomware attacks.
An Augusta County Public Schools spokesperson said the school system is proactive when it comes to security.
“Augusta County Public Schools takes all aspects of safety and security seriously. This includes the security of our electronic data,” said Miranda Ball, executive director of communications. “Our technology department is continually proactive in these efforts and responsive to guidance from related agencies, including the FBI.”
Waynesboro Public Schools said they replaced their firewall in March with a next generation SonicWall network security appliance.
“We also have a backup appliance that backs data up to an offsite location to protect against data loss,” said Roger Ramsey, network manager for Waynesboro City Public Schools. “We are confident in our cybersecurity resources, but our technology team is constantly updating our system and patching deficits that are identified.”
Staunton Public Schools are taking advantage of educational opportunities from the Virginia Department of Education’s Office of Information Security. The education includes threat management resources, contacts and guides for troubles they may see or experience.
“In the constant wake of cybersecurity attacks, our awareness is and has been at a heightened level,” said Tom Lundquist, director of technology for Staunton City Public Schools. “We continue our educational technology research and evaluate and test our selected implementations of adopted best practices to safeguard our data.”
The Cybersecurity Advisory alert was issued by the Federal Bureau of Investigation, the Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center.
“Over the past several years, the education sector, especially kindergarten through twelfth grade institutions, have been a frequent target of ransomware attacks,” the alert read. “Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to theft of personal information regarding students and staff.
“The FBI, CISA and the MS-ISAC anticipate attacks may increase as the 2022/23 school year begins and criminal ransomware groups perceive opportunities for successful attacks,” the alert read. “School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable.”
The alert continued: “K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.”
The advisory recommends:
- Maintain offline backups of data, and regularly maintain backup and restoration. By instituting this practice, the organization ensures they will not be severely interrupted, and/or only have irretrievable data.
- Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure. Ensure your backup data is not already infected.
- Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
- Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs under an established security policy.
- Document and monitor external remote connections. Organizations should document approved solutions for remote management and maintenance, and immediately investigate if an unapproved solution is installed on a workstation.
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, the cloud).
The alert also encouraged school systems to implement recommendations of the CSA to reduce the likelihood and impact of ransomware incidents which can cost school systems millions of dollars.
If you or your organization is the victim of a network intrusion, data breach, or ransomware attack, contact your nearest FBI field office or report it at tips.fbi.gov.
For more information on cyber threats, visit fbi.gov/investigate/cyber