Educational Institutions a Recent Target for Ransomware Attacks

Nov 09, 2020

Educational Institutions a Recent Target for Ransomware Attacks Image

Yazoo County School District in Mississippi recently voted to pay out $300,000 in order to regain access to affected files and prevent sensitive information from being leaked on the internet. Yazoo County School District is one of many educational institutions to be hit by ransomware attacks this year alone, as educational institutions have been identified by cybercriminals as a soft target for ransomware attacks. Other institutions that were hit include the University of California San Francisco ($1.14 million), Butler County Community College ($147,000), and Mountain View Los Altos Union High School District ($50,000) amongst a multitude of others.

“Part of that is ease of entry, whether you are talking about grade school, high school, or college there are generally many internet-facing systems associated with a school. There is also often little budget for security, meaning attackers have lots of opportunities to gain access. Computing services are also increasingly critical to the functioning of the school.”

Allan Liska, Recorded Future

As discussed in the quote above, educational institutions have been a soft target for cyberattacks due to ease of entry for cybercriminals. This ease of entry is defined by a large number of entry points, coupled with very little set aside for security budgeting. When combined with their crucial need for computing services, especially during the COVID-19 pandemic, these institution’s willingness to pay has gone through the roof.

Educational institutions’ willingness to pay is directly correlated to their ability to pay, as many have cyber insurance policies. It’s important to note it’s not uncommon for businesses to operate similarly, under budgeting for security and relying on their cyber insurance policy to bail them out. Companies and educational institutions simply paying ransoms and falling back on their insurance may work in the short term; however, it presents numerous long term complications. As hackers cash out on ransomware attacks, these attacks become more prolific, sophisticated, and expensive. Companies not only incur ransom costs, but accrue long term costs associated with increased premiums, damage to a company’s reputation, and place their employees and customers at risk.

The lack of security budgeting combined with institutions’ willingness to sell out to cybercriminals has caused attacks of this nature to become prolific. Being in the position where one must decide to either pay a ransom or not is completely avoidable; therefore, having sound cybersecurity support to secure data before compromises occur is essential. This is exactly where Secuvant can assist companies by aiding them in the practice of stellar cyber hygiene, in turn avoiding disruptions, lowering cyber insurance premiums, protecting your brand and reputation, and securing consumer data.

About Secuvant:

Located in Salt Lake City, Utah, Secuvant is a global leader in integrated cyber threat analytics and risk advisory services, built on a value system of client focus, integrity, accountability, execution, and teamwork. Secuvant’s mission is to provide clients with a Clear Path Forward in their pursuit of establishing an acceptable security risk posture. Secuvant’s success is built upon strict adherence to its values, a functioning world-class advisory board, the unique combination of cybersecurity expertise and industry / vertical specialization, and a team of experts that repeatedly deliver best-in-class managed and advisory cybersecurity and risk services. Secuvant understands Cyber Risk is Business Risk™ and uses methodologies and metrics aimed at minimizing business risk. Services include, but are not limited to, Security Gap and Risk Assessments, Risk Program Management, Executive and Board Cyber Advisory, Penetration Testing, Security Monitoring, Managed Detection and Response and Incident Response services. To learn more visit www.secuvant.com.