Ransomware Attacks on Schools ‘A Perfect Storm’


A wave of ransomware attacks on servers has been hitting the education sector hard.

Experts say SamSam ransomware has exploited the Linux-based application server JBoss and the library-management system Destiny. Schools comprise many of the institutions that operate those systems.

LogicNOW's Ian TrumpThe Cisco Talos Group estimates that $3.2 million machines are at risk.

“This has been with us for a really long time,” said Ian Trump, a security consultant with security provider LogicNow.

Trump said the attacks take advantage of the “gray area” among software vendors, their software’s platform and the customer. And that gray area starts with underfunded schools that lack the time and resources to devote to IT.

“… The reason why the schools in this particular case were targeted was the cybercriminals realized that [for schools] to keep all of those things up to date with the resources that have been allocated to school IT — is almost a no-win situation,” he said.

The lack of funds meant that many of the organizations couldn’t get their hands on technology like virtual private networks (VPN), and as a result, had to settle for open software.{ad}

“It just works. You don’t pay any attention to it. You may not even have the skillset to understand and fix it, and you really rely on your relationship with the vendor,” Trump said.

At the same time, the push for schools to use Macintosh or Windows computers and can lead to a lack of Linux understanding, Trump said.

“When you look at the skillset required in a school, you can see a heavy emphasis on Windows, a heavy emphasis on the OSX platform, and perhaps the skills in the Linux environment are not quite as advanced,” he said.

It all comes together to create what Trump calls “the perfect storm,” one that starts with a lack of resources in the IT department.

“Those economically constrained organizations that haven’t made an investment in IT security … are really being targeted by the cybercriminals,” he said.

The ransomware attackers have shifted their focus to schools after targeting hospitals, Trump said.

For now, Trump is calling for an awareness campaign that educates channel partners on how to address the gray area. His plan of defense includes identifying and updating machines, and emphasizing backup and recovery.

He warns that it’s time to take note of the problem, lest the infections spread.

“Because of my position as a security leader, of course, I would like a company to use our products, but … for the safety and security of the Internet, I want folks to take this layer defense strategy seriously and really look at the things they can do to prevent those infections,” he said.

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 51093