‘Data-rich, resource-poor.’ Why Michigan schools can be a ‘soft target’ for ransomware attacks

JACKSON, MI – When the South Redford School District became the target of a cyber attack earlier this fall after a staff member clicked on a malware link, Superintendent Jason Bobrovetski credited the swift work of cyber forensic experts and the district’s technology service providers for preventing the attack from “turning into something greater.”

Even though students missed two days of school, Bobrovetski said the district’s network monitor with the Wayne Regional Educational Service Agency (RESA) had proactive measures in place to ensure the attack didn’t result in a ransomware incident, while cyber security experts were brought in to cleanse and restore functionality to the district’s network over several days.

It was a cumbersome process, he said, but it could have been worse.

“The number one thing that any organization, district or business can do is to look at and review what preventative measures they have in place, inclusive of their insurance policy as it pertains to cybersecurity,” Bobrovetski said of leaning on experts to resolve the issue.

RELATED: Ransomware attack keeps Jackson, Hillsdale county schools closed again Wednesday, Nov. 16

With fewer resources to address these attacks, however, schools across the country have become prime targets of cyber attacks. Three federal agencies – the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) – released a joint advisory in September warning that a gang known as Vice Society are disproportionately targeting the education sector with ransomware attacks.

In Jackson and Hillsdale counties, a ransomware attack kept students in 20 school districts out of classes for three days this past week, as the Jackson County Intermediate School District continues to work with external cybersecurity advisors to restore the remainder of its secondary systems.

The attack was first reported to the Michigan State Police on Sunday, Nov. 13, said Lt. Mike Teachout. MSP, in collaboration with the FBI, is still actively investigating the attack, Teachout said. Little information about the nature of the attack and the identity of the perpetrators has been…