SPARTANBURG, SC – Safety is a top priority for schools, but ransomware is a growing threat and it’s one that can impact your child’s private information.
The computer attack hijacks entire networks and demands payment to unlock important files.
This year, the third largest school district in the state had to pay up.
The FBI warns institutions, like schools, with big networks are extremely attractive to these hackers.
So we looked into what districts need to do to protect your children’s information and your tax dollars.
At Greenville County Schools, parents may not see much of Bill Brown, the head of technology, but behind the scenes, he and his team are thwarting cyber attacks on a daily basis.
“At our schools our playgrounds are safe, we have people out there monitoring the students, we have fenced in playgrounds, we have cameras all over the place, well the internet is a playground for our students, too, and so we have to make that safe as well, as safe as we can make it,” said Brown.
With 64,000 computers, and 900 servers on its network, that’s no easy task. Brown says over the last six months, schools across the country have faced more than 8,500 ransomware attacks alone.
This year the malware made it onto a school desktop and two laptops.
“Most of the software is getting through our anti-virus and our anti-malware and is actually not being picked up. We don’t get alerts typically from that, we get alerts when we notice traffic leaving the computer and going places that it shouldn’t go like Germany and Tiawan and Japan,” said Brown.
The hackers lock up all your important files like your photos and documents, and all you can see is an alarming message. A photo was sent to Horry County Schools in February. It said if you don’t pay 22 bitcoin within “7 days” “it’s impossible to recover your files.”
Horry paid the $10,000 because the cyber-criminals had breached 80% of its servers.
Horry’s head of technology, Charles Hucks, says, “There are many school districts and certainly probably many more organizations in just the state of South Carolina that have been hit with ransomware just like we were and nobody wants to talk about it. Nobody wants to admit that they got hit because they feel like they’re admitting that they’re wrong.”
Hucks says the district spoke out to warn others.
In it’s case, the hackers snuck in through an old server that was never taken offline.
“We could have very easily prevented this attack for us by saying, you know what, we’re going to keep that system available for access to historical data, but we are not going to make it accessible over the public internet,” said Hucks.
Brown says Greenville’s cases were isolated to the desktop or laptop originally infected and the issues were resolved. He admits, even if he did pay, he would never tell.
“If you tell everybody that you paid ransomware, then you’re bringing other actors on board because you’re going to be saying, well look it, that guy just made a whole bunch of money, let me do it,” said Brown.
Abraham Varughese, the head of a security firm says, “You never know when one of these things will hit you, and if they do hit you and you don’t have a good backup and you haven’t been paying attention to backing up correctly, then you’ve lost just about everything. There’s no way you can get this back. That’s the seriousness about this.”
Horry County Schools now has a remote back-up offsite, and also several primary back-ups at each school to speed up recovery.
Good detection programs, and backups aren’t cheap, but Brown says it’s far less costly to put more tax dollars towards that than to pay for both the ransom and recovery after you get hit.
“You’re going to get hit with it. It doesn’t matter. You just got to make sure you can handle it when you are hit with it,” said Brown.
The right back-up should include these key elements:
- The ability to create an image of the computer system. An image is a full copy of the system at a singular point in time. Images should be retained so that the system can be restored to a past point in time.
- Data backups and images should be stored on a local external drive that can be disconnected from the computer system when not in use. Also, the backup should be sent to a Cloud service and preferably be encrypted.
- Create “TEST” files and/or folders on your computer file system that can be used for restore tests.
- Automatic notification of status and frequent testing to make sure the backup works. DO NOT test restoring images. Restoring an image of a computer system is done only as a last resort.
Before buying a backup system, check reviews with reputable places like this one. And a quick Google search on “2016 Cloud Backup service reviews,” is also helpful.