“Ripped from the Headlines: Proof of Life? Russell Crowe cannot save your district from a ransomware attack”

By Clint Campion of Sedor, Wendlandt, Evans & Filippi, LLC

Part Three of the series, Ripped from the Headlines

In 2000, Russell Crowe starred in a movie called “Proof of Life” as a “K&R Consultant,” or expert in negotiating kidnap and ransom cases. In the end, Russell Crowe and his team are inserted into the kidnapper’s base camp and rescue the hostages. Unfortunately, if your district is subject to a ransomware attack, you cannot call Russell Crowe to save the day.

Ransom is defined as consideration paid or demanded for the release of someone or something from captivity. In 2020, more than sixty school districts, some large and some small, across the United States have already been the victims of cyberattacks. The estimated average ransomware demands received by these school districts are more than $170,000 per attack.

The cyberattacks were initially called “ransomware” attacks because hackers infiltrated computer systems and networks and blocked access to data. These cyberattacks have evolved into “leakware” attacks where the hackers threaten to release sensitive data unless they are paid a ransom, usually by Bitcoin.

In response to these cyberattacks, the federal government has prosecuted many hackers, including the Russian ransomware group known as “Evil Corp,” which has been alleged to have deployed malware to steal more than tens of millions of dollars. The federal government believes there has been a surge in ransomware attacks because they are profitable, and thus urges ransomware victims not to pay hackers any ransom in order to decrease the frequency and severity of ransomware attacks.

In August 2020, the Clark County (Nevada) School District suffered a ransomware attack involving sensitive personal data for thousands of students and employees. The district followed the advice of the federal government and refused to pay any ransom, resulting in its network being taken hostage. In response, the hackers released student grades and sensitive personal information of students and employees. The district has responded by offering complimentary credit monitoring and identity restoration services to those affected by the attack.

Districts need to take steps to prevent ransomware attacks and need to be ready to respond to a ransomware attack. Districts need to educate all network users never to click unsolicited links or open unsolicited attachments in emails. Districts can improve awareness by simulating phishing emails. Districts also need to enable strong spam filters, back up data regularly, and ensure they have data recovery strategies.

If a district is infected with ransomware, there are several steps it must take. First, it should isolate the infected computer(s) immediately. Next, it should secure backup data by immediately taking it offline and then change all passwords. Then, it should notify federal law enforcement, rather than local law enforcement. Lastly, it must consider whether, how, when, and what to notify parents, students, and staff.

Districts should consider the risks before paying any ransom. If a district pays a ransom, it does not guarantee it will regain access to the data. Paying a ransom also does not prevent the district from being subject to future ransomware attacks. A district may be asked to pay additional ransom amounts and may be encouraging future ransomware attacks.

Alaska’s school districts must be aware of the increased potential of ransomware attacks and must take steps to prepare for them. They cannot simply call for Russell Crowe to bail them out if they are attacked.

The views expressed here are the writer’s and are not necessarily endorsed by the Association of Alaska School Boards. AASB welcomes diverse perspectives and civil discourse.