Ransomware Guide for Schools

Ransomware attacks are a serious threat to schools and other educational institutions. They can disrupt the delivery of education, compromise the privacy and security of students and staff, and cause significant financial losses. In this blog post, we will explain what ransomware is, how it works, and what steps you can take to protect your school from ransomware attacks.

What is ransomware?

Ransomware is a type of malicious software (malware) that encrypts the data on a computer or network and demands a ransom for its decryption. The ransom is usually paid in cryptocurrency, such as Bitcoin, which makes it difficult to trace the attackers. The attackers may also threaten to delete or expose the data if the ransom is not paid within a certain time frame. Ransomware attacks are often carried out by cybercriminal groups that target vulnerable systems and networks.

Did you know? In July 2021, a global ransomware attack hit several organisations around the world, including some schools in New Zealand, using the IT management software Kaseya.

How does ransomware work?

Ransomware can infect a computer or network through various methods, such as phishing emails, malicious attachments, compromised websites, or remote desktop protocol (RDP) vulnerabilities. Once the ransomware is executed, it scans the system for files and encrypts them with a secret key that only the attackers know. The ransomware then displays a message on the screen or creates a text file with instructions on how to pay the ransom and decrypt the data.

What can you do to protect your school from ransomware attacks?

The best way to protect your school from ransomware attacks is to prevent them from happening in the first place. Here are some best practices that you can follow to reduce the risk of ransomware infection:

• Keep your systems and software updated with the latest security patches and updates. This will help you fix any vulnerabilities that could be exploited by ransomware.
• Use antivirus software and firewall on your computers and servers. This will help you detect and block any malicious activity or traffic on your network.
• Educate your staff and students about cyber security awareness and how to avoid phishing emails and other common cyber threats. This will help you prevent human errors that could lead to ransomware infection.
• Backup your data regularly and store it offline or in a secure cloud service. This will help you restore your data in case of a ransomware attack without paying the ransom.
• Implement a disaster recovery plan that outlines how to respond to a ransomware attack and recover your operations as quickly as possible. This will help you minimise the impact and damage of a ransomware attack.

What happens if your school has been targeted?

If your school has been targeted by a ransomware attack, it is important to take immediate action to minimise the damage and prevent further spread of the malware.

Following are the steps that your school is recommended to take:

1. Shut down your servers and devices that use compromised software

After detecting a ransomware attack, the first crucial step is to isolate any compromised systems or software from the network. Immediate action must be taken to shut down servers and devices using the compromised software. By disconnecting these affected systems, the spread of the malware can be contained, preventing further damage. Seeking assistance from your trusted IT provider is strongly advised to facilitate this process effectively.

2. Contact your IT provider, the Ministry of Education and your insurer (if relevant)

Without delay, inform your IT provider about the attack and seek their guidance and support. Simultaneously, it is imperative to notify the Ministry of Education, ensuring that they are aware of the situation and can provide necessary assistance. Additionally, if your school has an insurance policy covering cyber incidents, promptly contact your insurer to initiate the claims process. These actions will facilitate expert technical assistance, a comprehensive assessment of the damage, and access to resources that can aid in recovery.

3. Get your backups checked and get advice on restoring any encrypted or lost data

If possible, you should check your backups and attempt to restore any encrypted or lost data if possible. This will help you recover from the attack and minimise the impact on your operations. Seek professional advice and get help from your IT provider or relevant experts on the most effective restoration methods to employ.

4. Report the incident to CERT NZ

You should report the incident to CERT NZ, the national cyber security agency. CERT NZ can provide advice and guidance on preventing and recovering from ransomware attacks. By reporting the incident, you gain access to their expertise in preventing future attacks, identifying the attackers, and receiving essential guidance for recovery.

5. Communicate with staff, students and parents about the situation

Transparent and timely communication is crucial when responding to a ransomware attack. Engage in clear and informative communication with your staff, students, and parents, outlining the situation and potential impacts on their online services and data. This will help prevent confusion and ensure that everyone is aware of the situation. According to the Official Information Act 1982 (OIA), your school may need to comply with certain obligations when communicating with staff, students and parents about a ransomware attack.

You may need to:

– Respond to any requests for official information from staff, students, parents or other parties, unless there is a good reason to withhold it under the OIA¹².

– Protect the privacy of any personal information that may be affected by the attack, and notify the individuals concerned if there is a risk of harm or loss¹³.

Therefore, it may be best to seek advice from a lawyer to communicate the correct and necessary information, especially if the attack involves sensitive or confidential information, or if there are legal implications or obligations⁴⁵.  You may also want to seek advice from a cyber security expert to help provide guidance on how to protect staff and students’ personal devices and data from future attacks, and inform them of any resources or support available²³

Choosing an Antivirus Solution

Ransomware attacks have become a growing concern for schools around the world, and it is crucial to have a reliable antivirus solution to prevent these types of attacks.

Here are some important factors that school IT providers should look for when choosing an antivirus solution:

• Advanced threat detection capabilities
• Regular updates and patches
• Ease of use and management
• Centralised management and reporting
• Proactive customer support

For an in-depth explanation, please download our full ransomware guide.

Choosing the right antivirus solution is crucial for preventing ransomware attacks in schools. New Era Technology has an Antivirus Solution that provides schools with a powerful defence against ransomware attacks. The advanced threat detection capabilities and proactive approach ensure that your valuable data and operations are protected from evolving cyber threats. By choosing our solution, you can take a proactive stance against ransomware, safeguard your school’s digital environment, and ensure uninterrupted learning for your students.

Contact us to learn more about ways you can protect your school