Malware especially ransomware has existed for decades. Ransomware has become one
of the most financially devastating types of malware attacks and poses a serious threat to agencies, school districts and other organizations. The objective of ransomware attacks is to gain unauthorized access to files containing sensitive information while restricting access to the files by authorized users and demanding a ransom payment to release the restriction.
According to the findings of a recent survey, nearly half of all education institutes across
the globe were targeted by ransomware in 2020, out of which 58% of institutions shared
cybercriminals succeeded in encrypting their data.
In a typical ransomware attack, hackers usually attack higher education institutions that
inherently store an enormous amount of confidential student data, research data or any
type of system that is valuable for the institution. In such cases, the institutions are left with just a few choices – either to pay a ransom to the hacker, have a highly competent cyber security team to break the encryption or restore the data.
As cyber crime continues to evolve and provide difficult challenges for educational
institutions, they must take more action and become proactive in their efforts to protect
critical information and data. Ensure there are educational materials, such as
anti-phishing training, which can help teachers, staff, and faculty from all departments
better prevent an attack from happening network-wide.
Therefore, to avoid adverse consequences of a ransomware attack, even the smallest of
education institutions must look into the opportunities that cybercriminals use to attack
Due to the emergence of online learning, threats in cyberspace became more common.
Unlike institutions, the systems and home networks do not provide firewalls or increased
protection. As a result, they are considered more susceptible and are exposed to
increased cyberattacks. Cybercriminals find opportunities to defraud schools, steal
sensitive information or student data for a successful ransomware attack to extort money.
Victim organizations complying with criminals
To continue with student learning, education institutions were enforced to shift to
online/remote learning models. At the same time, institutions that faced ransomware
attacks also suffered from the pressure of quickly restoring their networks. As a result, the victim organizations have to comply with cybercriminal demands. For instance – a school in Texas lost its systems’ access and student and staff’s data. In order to regain access and stop the sensitive data from being published, the school had to pay $547000 to ransomware attackers in 2021.
Across Europe, America, Asia- Pacific and Central Asia, the Middle East and Africa, the
education sector faced the highest level of ransomware attacks in 2020. According to a
survey – the total bill for rectifying a ransomware attack including the downtime, time of
human resources involved, device and network cost, ransomware paid and many others
constituted $2.73 million – highest across sectors.
Shift to online learning platforms
With an enormous number of education institutions moving to online and video
conferencing platforms to conduct classes, the risk of cyber threats has emerged like
never before. The ransomware attacks have become more sophisticated to lure the staff
and students with harmless-looking weblinks, webpages and attachments. With
technology being incorporated across the education sector, one of the most popular
cyberattacks includes ransomware by creating a copy of the original website or
application where students and staff can enter their personal information and other
sensitive data. On the other hand, in a majority of cases, ransomware attackers block the
access of victims to their system or network even after they have paid the ransom.
Baiting opportunities / social engineering attacks
The trend of social engineering attacks is gaining huge popularity in the cyber crime
space. During the pandemic, the entire world suffered from an economic slowdown,
salary cuts and layoffs. The cyber attackers took advantage of the scenario
byusingemotional appeal to create a sense of excitement and curiosity to bait students
and staff to provide sensitive information. For instance – cybercriminals can launch
phishing campaigns to pose as school staff and ask students to submit information about
COVID vaccination from which the attackers can use confidential and personal details of
the students for malicious activities.
Cyberattacks increasingly became common with the widespread adoption of technology.
However, the bottomline is to educate teachers and students and have a working strategy
in place to prevent the attacks.
Karmesh Gupta, CEO and Co-founder, WiJungle