Over 500 US Schools Were Hit By Ransomware in 2019 (zdnet.com) 27
In the first nine months of the year, ransomware infections have hit over 500 US schools, according to a report published last week by cyber-security firm Armor. From a report: In total, the company said it found and tracked ransomware infections at 54 educational organizations like school districts and colleges, accounting for disruptions at over 500 schools. To make matters worse, the attacks seem to have picked up in the last two weeks, with 15 school districts (accounting for over 100 K-12 schools) getting hit at the worst time possible -- in the first weeks of the new school year. Of these 15 ransomware incidents, Armos said that five were caused by the Ryuk ransomware, one of today's most active ransomware strains/gangs. Overall, Connecticut saw ransomware infections hit seven school districts throughout 2019, making them the state whose educational institutions were compromised the most by ransomware attacks this year. But while Connecticut saw the most ransomware infections targeting school districts, it was Louisiana who handled the attacks the best when, in July, Governor John Bel Edwards declared a state of emergency in response to a wave of ransomware infections that hit three school districts. The governer's actions rallied multiple state and private incident response teams together and helped impacted school districts recover before the new school year, without paying the hackers' ransom demand.
Probably Bitcoin ransoms (Score:2)
It would be cool if, once, the ransom was in a low-value alt coin, just to see the look of the people reading it.
"They want HOW MANY dogecoins??!?!"
The ones that make children "fit for the future"? (Score:2)
Seems like a massive fail right there.
Re: (Score:2)
Don't threaten people. That doesn't work. Just do it.
I think it would make a neat halftime show for football. To quote the late George Carlin, people would tune in that don't give a fuck about football!
Re: (Score:2)
This is not a problem of penalties. They are already insanely harsh in the US. This is a problem of those doing these things not getting caught. Harsher penalties have absolutely no positive effect (but some negative ones) if the intended targets do not think they will ever be applied to them.
Incidentally, leaving your door open like this gives you part of the blame and maybe IT security _this_ bad should have consequences for those responsible as well?
They want how much? (Score:2)
Re: (Score:2)
You do not know who these people are. Also, vigilantism is illegal for good reasons.
Re: (Score:2)
I would think putting a bounty on their head would capture more of these people then the police do. And once captured, they accidentally fall down a flight of stairs prior to being turned over to the police.
Re: (Score:2)
Exactly this defective thinking is the reason why vigilantes go to prison.
Re: (Score:2)
Vigilantism is the natural result of civil authorities failing to keep the peace.
Re: (Score:2)
Nope. It is the result of cave-man minds that understand nothing.
NONE of these school admins knew about BACKUP? (Score:2)
Loss of ALL your docs is just a larger scale example of what happens if some one Principal's PC dies and takes all budget and planning docs with it IF YOU DON'T HAVE SECURED BACKUPS THAT USERS (AND USER MALWARE) CANNOT REACH
Ransomware is just a way to exploit really irresponsible backup and archiving procedures. Admins are not victims here.
Re: (Score:2)
They are victims... without a backup plan [instantrimshot.com].
Re: (Score:2)
So, to quote Blazing Saddles, "you know, morons!"
And while we're at it, it's also appropriate to quote Terminator 2, "Are we learning yet?"
Re:NONE of these school admins knew about BACKUP? (Score:4, Insightful)
You should look into what passes for IT in public school systems. At best it's a running list of private contractors. At worst it's the superintendent of school's nephew who "knows about computer stuff."
We have umpty-billions of Linux distros that cater to the smallest segments of a tiny market. Why not a distro that directly meets the needs of public schools? Debian has one, and SUSE has one I think, and that may be a good starting point, but I mean one that addresses the very particular requirements of public schools. Upgrades have to be automatic, the hardware requirements must be low, and provisioning laptops and/or tablets is a requirement. Integration with web hosting (either local or positioned on cloud services), hardened email, calendaring. A testing environment that locks the user into a single session to prevent cheating. Simple tools for generating drills and exercises. Typing tutors. Databases for records. And of course, a full-time automatic backup built into every service.
Get a dozen nerds and a couple million bucks together and test it out on the public schools of Plentywood, Montana or somewhere.
Re: (Score:1)
Re: (Score:2)
If everyone practiced good backup discipline, there would be no ransomware stories about schools or anybody else. In fact, there'd be no ransomware. It only happens because some people are not doing backups
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Re: (Score:1)