In February of 2016, South Carolina’s Horry County School District had no choice but to pay a $10,000 ransom to unlock critical data and systems following a ransomware attack. But could the attack have been prevented — or, after the school district was attacked, could it have avoided paying the ransom?
It’s no secret that we’re right in the middle of a ransomware epidemic, and cases like Horry County’s, where the victim has to pay to unlock critical files, have become far too common. But what if Horry County’s users were more aware of how to detect possible threats like ransomware? Would the outcome have been different? Let’s examine why proactive user training and awareness can help keep students and faculty safe from cyber threats.
As advances in technology allow school faculty and students to stay more connected, these new technologies are opening a world of opportunity for cybercriminals to install malware through the various threat vectors: email, websites, mobile devices, and the network edge. Cybercriminals exploit vulnerabilities to deliver malware into a system, and many times these attacks are targeted at users, hoping that they will be tricked into unknowingly facilitating the attack.
In a ransomware attack, the malware encrypts your data and demands a ransom in order to restore your access to the locked files. This is big business. In fact, the FBI reports that $209 million was paid to ransomware criminals in the first quarter of 2016 alone, and the value of these ransoms is becoming increasingly large.
A common challenge in defending against ransomware is that the user community is the weakest link in any organization’s security posture. Most instances of ransomware aren’t deliberately introduced by the end-user in a malicious manner, but humans are susceptible to falling for a well-crafted attack. As Horry County learned, any organization whose user base includes young people and children is an especially tempting target for ransomware criminals. Young users are simply less mindful of potential consequences and more likely to open suspicious emails and attachments, which is how most attacks begin. Users need regular reminders of the need to exercise caution when opening email attachments or clicking embedded links in emails. Regular education is required to make sure security is second nature to all users in the network.
Most ransomware attacks begin with an email containing a malicious link or attachment, and about 70 percent of cyberattacks are introduced through the email vector. Malware can be embedded in an email attachment such as a Word document or PDF, for example, and can then leverage and bypass other vectors to further infiltrate your network. Consequently, the single most important measure you can take to reduce the likelihood of a successful attack is to train yourself, your students, families, and your staff to practice safe computing and recognize red flags that indicate a potentially malicious email.
A good place to start would be to ensure that all users understand the following key practices and maintain awareness with a program of regular reminders:
- Don’t open suspicious emails. Pretty much anything unexpected or out of the ordinary is a potential attack, even if it comes from a trusted source. If possible, contact known senders separately to confirm that the email is authentic before opening.
- Learn to spot red flags. Some telltale signs of an attack include:
  - Unexpected grammar or spelling errors in a supposedly professional email.
  - Odd, middle-of-the-night time of sending.
  - Typosquatting, in which the “From” domain looks legitimate at first glance but is intentionally misspelled or has things added — “email@example.com,” for example.
  - Buttons and links in the email that connect to unexpected, suspicious URLs. To check this, hover the cursor over the link or button, and the URL will appear at the bottom left of your window. Train students and staff to do this reflexively.
- When in doubt, delete!
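Three of the red flags above (lookalike sender domain, middle-of-the-night send time, and a link whose visible text names one site while it opens another) can also be checked automatically before a message reaches a user. The following is an added example, not part of the original post; the trusted domain, the night-hour window, the 0.85 similarity threshold and the sample message are all assumptions made for illustration, and it expects a single-part HTML message with From and Date headers.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"district.example"}  # assumption: the school's real mail domains
NIGHT_HOURS = range(0, 5)       # assumption: 00:00-04:59 in the sender's time zone

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw):
    msg, flags = message_from_string(raw), []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if domain not in TRUSTED and any(
            SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED):
        flags.append(f"lookalike sender domain: {domain}")
    if parsedate_to_datetime(msg["Date"]).hour in NIGHT_HOURS:
        flags.append("sent in the middle of the night")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target = (urlparse(href).hostname or "").lower()
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # host named in link text
        if shown and shown.group(0).lower() != target:
            flags.append(f"link shows {shown.group(0)} but opens {target}")
    return flags

# Constructed sample message, not a real phishing email.
SAMPLE = """\
From: IT Help Desk <helpdesk@distrlct.example>
Date: Tue, 02 Feb 2016 03:12:00 -0500

<a href="http://portal.login-check.example/reset">portal.district.example</a>
"""
print(red_flags(SAMPLE))
```

A link whose text is plain wording such as "Click here" names no host, so the hover check described above still applies to it.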
According to the educational technology magazine The Journal, malicious emails and a general lack of cybersecurity training are the leading causes of successful ransomware attacks. Today's organizations must provide regular cybersecurity training to ensure all users are able to spot and avoid a potential phishing scam in their inbox — a leading entry point for malware. The Journal specifically highlights that cloud services are not immune to ransomware. Seventy percent of respondents to the report said they have been infected via Dropbox, 29 percent via Office 365, and 12 percent via Google Apps. These popular services are being utilized by K-12 organizations to increase connectivity and productivity. As a result, these cloud services are quickly becoming a point of entry for cyberattacks.
The good news is that simple, proactive measures such as training users and building awareness around the gravity of cyberthreats can greatly improve your organization’s security posture. By creating a culture of informed and alert users, cyberattacks can be thwarted before they have the chance to exploit your data.
In our next post we’ll look at solutions that will help you secure your network against cyberthreats.
Darius is a veteran of the network industry, with more than 21 years of experience in networking products, enterprise marketing and business development. He is currently Director of Product Marketing for Security at Barracuda Networks.