Dresner Group Blog
Ransomware Attack Shuts Down Baltimore County Public Schools
The threat of ransomware has struck home to Maryland residents. Recently, classes for 115,000 Baltimore County public school students were canceled due to ransomware attacks. If your organization is not investing in security protocols, you too may find access to your critical systems under the control of a bad actor. As such an event can place your organization’s very survival at risk, you must take steps to prevent it from happening.
115,000 Baltimore Students Lose Access to Their Lessons
The attack, first detected after Thanksgiving, disrupted the school district's websites, remote learning programs, as well as it's grading and email systems, officials told WBAL-TV. Due to the extent of the attack on critical services, the school district disabled everything necessary to allow for remote learning, leaving students with no way to continue their education.
By the 1st week of December, students were allowed to return to their virtual classrooms, but all was not back to normal. The school district was still locked out of the learning portal, forcing them to find alternative methods to allow students to receive instruction. Despite this success, the fact remains, the school district is still struggling to work its way through the ransomware attack and may do so for the foreseeable future. This is clearly a tough situation for an organization that is already having to adapt due to COVID-19, so this disruption is definitely a pretty big deal. Local businesses could find themselves in the same situation if they aren’t careful.
Why is Ransomware Rampant Now?
Hackers understand that most organizations are struggling with adopting new technologies and have increased reliance on them to keep their operations up and running. In the post-coronavirus environment, any disruption of data or technology can be devastating to your organization; and this is what cybercriminals are counting on. Your organization needs to have a robust security plan and a reliable backup of all your data.
For most organizations, a sudden reliance on new technology, the lack of adequate security, and not having a continuity plan in place creates a perfect storm for a successful ransomware attack. We see an increase in ransomware attacks due to this reality and potential targets whose uptime is critical to their success.
In other words, most businesses.
While ransomware attacks are on the rise nationwide, some organizations make for more attractive targets. Historically, hackers have focused on financial institutions and other larger corporations, hoping that their reputations and resources to pay give them an incentive to remain silent about the breach. Today's bad actors have adapted their tactics to take advantage of the increased number of organizations who, while relying on technology, never developed the security protocols needed to protect themselves. Smaller organizations are smaller targets, but they are also easier targets.
Many of the recent victims of ransomware attacks have one thing in common: they are historically underfunded and/or serve the public good, such as medical institutions, school districts, and local government agencies. Due to this, these organizations often don't have the resources needed to invest in their network security fully. Moreover, they also lack the level of expertise required to develop a security strategy to predict, protect, and prevent these types of attacks from occurring or to respond when they do.
For any organization, having to respond to the coronavirus has put them on their heels, and one more blow may be the one to knock them down, perhaps for the count. Cybercriminals know this. They are acutely aware if access to your data (or computers) are blocked, you could be unable to remain open. What price are you willing to pay to stay in business? To serve your patients? To teach your students? That's the price these criminals will extort from you for them to release your data back to your control.
Maryland Businesses: Are You Backing Up Your Data?
Using Baltimore County school district as an example, if they didn't automate and back up daily, there could be a considerable amount of lost data. The data of 115,000 students, staff, financials, and more. Data they may not be able to recreate and will need to move forward without; not a great position to be in, regardless of your organization.
A ransomware attack will usually render all of the data on that particular device (and sometimes the entire network) unusable unless you pay the ransom. However, we emphasize that you should never pay these ransoms, as there is no guarantee your data will be returned and paying only encourages more attacks.
As noted, the Baltimore Public School District systems maintained the data of the 115,000 students, along with staff, and a wealth of other data, so we can certainly see its value to a hacker and why they were targeted. While there has not been an explanation yet as to how the attack occurred, there are tried and true methods cybercriminals use to gain access to a network. The majority of these tactics rely on human error: for example, phishing and poor password hygiene.
In various warnings about the increase in ransomware attacks, the number one cause of the intrusions has been phishing. Phishing is a technique used by hackers to gain access to confidential information such as passwords. Once the passwords are obtained, the hacker can access your systems and either steal your data or lock you out, holding your data for ransom.
Phishing is an effective tool for hackers because it uses social engineering to lull potential victims into a false sense of security when they click on a link or open an email. Some steps to take to reduce the chances of opening a phishing email include:
- Always using strong, unique passwords
- Checking the from email address in the header
- Not just opening attachments
You Must Train Your Team to Prevent Data Loss
One lesson learned from this attack is the importance of giving your team the skills needed to protect themselves from cyberattacks. As one teacher noted, "...There was a little panic because I'm not tech-savvy at all..." It is that fear cybercriminals count on, as often your team members will click or download a file in the hope of finding solutions when, in reality, they are spreading the infection deeper into your network. This is why it is critical to Educate Your Staff to Avoid Phishing Attempts.
Maryland Schools Aren’t the Only Targets Of Ransomware
There are other Maryland Small Businesses Being Targeted by Phishing Attacks. So while at first blush it would seem that if you’re a smaller business or a private one, you would have little to fear from a ransomware attack. After all, the hackers are targeting large and public institutions, why should you care?
However, as is often the case, smaller and medium-sized businesses like yours are intricately linked to larger businesses and that can make you a target for a variety of reasons. As we often remind Maryland companies, even small businesses are targets for hackers.
For the last couple of years, Maryland has invested considerable resources in developing their reputation as a technology hub, from ranking 3rd in the National Technology Index to welcoming a wide range of business technologies to the local area. Unfortunately, it may be due to Maryland’s embracing of business technology that cyber-hackers are attracted to our community, so it’s up to local businesses to support each other in the fight against them.
Cybersecurity Protection for Maryland Businesses
Don’t wait until you’re on the other end of a phishing attack, lost data or other disaster before you ask for help. As a local business in Columbia, Dresner Group is familiar with the Maryland business environment and has the experience to ensure the security solutions you choose will be right for your business. Call 410-531-6727 to schedule an appointment or cybersecurity audit. Dresner Group is committed to protecting your business, your staff, and your customers. Call today to learn how.