Ransomware and Your School's Data Security: The Do's and Don'ts
Imagine this scenario: You arrive at school, fix yourself a nice cuppa and settle into your morning session of getting through emails. With last night’s cobwebs still clearing from your head, you click on a seemingly innocuous but unfamiliar email attachment labelled ‘invoice’.
Within seconds, your PC becomes totally unresponsive and an ominous window pops up.
All your files are now encrypted with 1024-bit strength encryption, and months of carefully crafted lesson plans, meeting notes and brilliant school leadership ideas have become totally inaccessible. The infection comes with a demand for a ‘ransom payment’ via Bitcoin, an untraceable online currency. To make things even worse, your network account has allowed the infection to spread and now all the files on your school’s curriculum and administrative servers have been encrypted too. The school’s entire network has ground to a halt. Your office phone and mobile phone start ringing simultaneously with calls from panicked colleagues. It’s the beginning of a very long day.
Unfortunately, the above scenario is not pure fiction – in 2013 the CryptoLocker ransomware variant managed to infect a staggering 500,000 users worldwide, and in the second half of 2015, McAfee Labs researchers detected 4 million instances of ransomware being deployed online. With this in mind, we’ve put together some simple steps to protect you and your school from this particularly nasty security threat.
What exactly is it?
Ransomware is a type of malware (or malicious code) that typically uses ‘phishing’ emails to trick recipients into installing a Trojan virus on their systems. Once triggered, it quickly encrypts all the files on the victim’s hard drive and delivers a ‘ransom’ message with a demand for payment - typically with a deadline attached to the threat.
How to protect your school
By now it should go without saying that all your school’s devices should be protected by a reputable and up-to-date antivirus programme. A good spam filter on the school’s network will also go a long way towards blocking most malicious emails, but do not assume that either of these will block 100% of the threats.
Ultimately, the best spam filter you have is your eyes - if an email looks suspicious, it is probably worth deleting.
If in doubt:
- Do not open any attachments or click any links, and do not forward or reply to the message
- Check with a colleague or any other member of staff included in the email to see if they received it and were expecting it
- If you are one of Joskos’ supported schools, ask a member of our Service Desk to review the email for you – again do not forward or reply to the message. You can send a screenshot of the email to firstname.lastname@example.org or simply call us and ask a member of our service team to access your PC remotely so we can assess it.
Have you backed up lately?
One of the most effective defences against ransomware is the implementation of an automated, robust back-up process in your school. This can guarantee the restoration of your data and minimise disruption to the school. Having a secure on-site backup supplemented by a cloud backup solution is ideal – this way even if the malware spreads throughout the network, you will still have access to a ‘healthy’ version of your data.
The high-impact nature of this malware variant makes this very much a case of ‘prevention is better than cure’. Educate your school’s staff about phishing techniques and share the above tips with them.