Virtual learning faces another hurdle: ransomware
Vulnerable school districts on notice after Baltimore students hit with cyber "snow" days
For the third year in a row, Baltimore has suffered a ransomware attack — but this most recent incident cuts deep. Some 115,000 Baltimore County Public Schools students, already kicked out of school facilities by Covid-19, were kicked out of their virtual classrooms by the attack.
The hack has been playfully called a virtual “snow” day by some, but there’s nothing funny about it. The Baltimore incident reveals yet again — like several recent hospital system attacks — how unprepared the U.S. is for the current ransomware crisis.
The attack spanned the Thanksgiving break, so it might have been easy to miss, but parents and school administrators around the nation who are dealing with virtual classrooms should take note: ransomware gangs are actively hunting for fragile, critical systems, and virtual schools are an obvious target.
At a time when many students are relying more than ever on technology to learn, ransomware attacks on schools appear unrelenting. The Baltimore attack is the 78th successful attack on a U.S. school district or college this year, according to computer security firm Emsisoft. That follows 89 such attacks last year, with operations at up to 1,233 individual schools potentially affected, Emsisoft says.
“The ongoing barrage of attacks against the education sector is troubling for several reasons: the risk of data leaking, the disruption to kids’ educations and, of course, the financial costs associated with the incidents,” said Brett Callow, a researcher at Emsisoft. “Also troubling is the fact that attacks seem (to be) succeeding at the same rate as ever, despite school districts knowing they’re in the crosshairs.”
Ransomware gangs have added a dangerous new tool to their hack attacks. Recently, in addition to encrypting data and charging a “fee” for its decryption key, criminals are also stealing data from penetrated systems. This creates far greater risks for the victims, and allows criminals to demand high ransoms.
“Some of that data can be very sensitive. For example, in one recent case the data included documents detailing allegations of sexual assaults made by students against other students. Other cases have seen teacher payroll data published, including their SSNs,” Callow said.
Baltimore-area schools “re-opened” on Wednesday, with teachers forced to come to school facilities for physical “confidence checks” on their computers, according to local TV reports. Lines formed early in the day, as recovery from the incident was complicated by Covid-19 restrictions, as is everything nowadays.


This is the third serious ransomware incident in Baltimore in as many years. Last year, city systems were knocked offline for the better part of May and much of June, preventing services like real estate transfers. A detailed timeline of that incident can be found here. City officials say they refused to pay the hackers’ $76,000 ransom, and ultimately paid $18 million to restore their systems. RobbinHood ransomware software was blamed in the attack; it was also used to attack the city of Greenville, North Carolina earlier that year.
And in March 2018, part of the city’s 911 system and other emergency systems were knocked offline in an incident that was later revealed to involve ransomware. That attack occurred just weeks after the city of Atlanta was hit by a crippling ransomware incident.
Little is known about the most recent Baltimore incident, but local media reports that some teachers’ files have been encrypted with the .ryuk extension, suggesting the Ryuk ransomware was used in the attack. Security firm CrowdStrike says Ryuk is operated by a Russia-based crime gang,
Is Bitcoin to blame?
Ransomware continues to run rampant, terrorizing health care providers and other critical computer systems. Recently, I published an “In Conversation” discussion about one main cause of the rise of ransomware: the rise of Bitcoin. Consultant John Reed Stark called for drastic steps to “stop the madness” by — if not making cryptocurrencies illegal — taking several steps to dampen crypto’s popularity with criminals.
“The bad news is that the train has left the station and an outright ban faces extraordinary practical hurdles. But the good news is that there already exists a litany of laws on the books that could significantly curtail Bitcoin’s expansion,” Stark said.
In that piece, Emsisoft’s Callow said governments should make ransomware payments illegal.
“Organizations are currently providing cybercriminals with a multi-billion dollar revenue stream – which is entirely funded by the public, albeit indirectly – and it makes absolutely no sense to permit this situation to continue,” he said. “The best way to protect organizations from ransomware attacks and to protect individuals from the consequences of those attacks is to make it illegal for organizations to pay ransoms. This would stop the attacks, and stop them quickly. Enough is enough. Governments need to ban ransom payments.”