Tag Archive for: SCHOOLS.

Ransomware Attacks on Schools Increased in Q1 2023


Ransomware attacks on schools and other public institutions rose sharply in the past six months, according to a Virginia-based cybersecurity company that monitors worldwide activity on a quarterly basis.

GuidePoint Security, in its Q1 2023 Ransomware Report released in April, indicated a 27 percent increase in public ransomware victims — mainly in education, manufacturing, technology, health care, banking and finance industries — compared to the first quarter of 2022. It also noted a 25 percent rise from the last quarter of 2022. The report is based on public information.

The analysis indicated that “double extortion,” where the criminal operators encrypt files while also exfiltrating data, was a common tactic. In these instances, the ransomware groups retrieve data and then threaten to leak it to the public. The report identified two criminal groups, ALPHV and Medusa, as using this approach to extort institutions.


“Based on what we’ve observed during Q1 (849 total attacks worldwide), we assess that more advanced ransomware threat actors will increasingly deploy novel coercive techniques, particularly as the fallout of existing instances generates media coverage and civil lawsuits against affected organizations,” Drew Schmitt, a lead analyst for the GuidePoint Research and Intelligence Team (GRIT), said in a news release. “We can make this assessment based on the increased prevalence of these techniques in open source reporting and internal research, as well as our technical and professional understanding of business risk as it pertains to ransomware events.”

The analysis measured activity worldwide, though the United States reported the highest number of attacks, at 46 percent, followed by the United Kingdom, Germany, Canada and France.

The education industry, specifically, saw a 17 percent increase from Q4 2022 to the first quarter of this year. This sector is unique in that while classes are not in session year-round, administrative offices are often staffed 12 months a year. Because of this “year-round victimization,” the report said, students are not always the “weak link” for intrusions….


Jefferson County Schools Hit By Ransomware


(TNS) — The Jefferson County School System said it was the victim of a ransomware computer attack during Spring Break.

The school system said in a news release that its technology team “took immediate steps to stop the attack and notified state and local authorities.”

According to the U.S. Cybersecurity and Infrastructure Security Agency, ransomware is “a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.”


Attackers sometimes also threaten to release sensitive data unless a ransom is paid.

The school system said preliminary investigations have not revealed any evidence of a breach of sensitive personally identifiable information.

“We will continue to investigate any possibility of compromised data and notify stakeholders accordingly if discovered,” the news release stated. “We have engaged outside cybersecurity experts and law enforcement officials to assist.”

The district said it uses multiple security protocols including filtering, firewalls, and antivirus systems, which allowed them to catch the attack early.

“Out of an abundance of caution, we have taken all network systems down to investigate thoroughly,” the system said. “These networks will be reconnected as we take steps to ensure all traces of malware are gone.”

©2023 Advance Local Media LLC. Distributed by Tribune Content Agency, LLC.


UNO one of 5 schools grappling with internet security breach


The University of New Orleans and four other Louisiana college sites were affected by a computer system “compromise,” leading UNO to shut down its campus internet Friday.

UNO announced the irregularity in a Twitter post, and identified the other affected schools as the LSU Agricultural Center, Nunez Community College, River Parishes Community College and Southern University at Shreveport. 

UNO said it was working with the Governor’s Office of Homeland Security and Emergency Preparedness and Louisiana State Police on the issue. UNO said it shut down multiple virtual programs on campus, including email and learning platforms. 

“Keeping our campus safe is our top priority,” one tweet said. 

The compromise comes a month after Southeastern Louisiana University at Hammond reported a “security incident” and shut down its computer network. That lasted almost three weeks.

UNO spokesperson Adam Norris would not comment on UNO’s issue Friday night, saying the university will update its social media.


Ransomware group claims massive data leak but Minneapolis schools files’ whereabouts a mystery


This story comes from The 74, a nonprofit news organization that covers education in America.

A cyber gang claims it published what could be a startling amount of stolen Minneapolis Public Schools records to the internet after the district failed to meet a $1 million extortion demand, but where the actual files are now remains something of a mystery.

Early Friday morning, after the Medusa gang’s countdown clock on the ransom deadline struck zero, the files weren’t readily available for download on its dark web leak site. Instead, a “Download data now!” button directs users to contact the ransomware gang through an encrypted instant-messaging protocol. Attempts by The 74 to reach the gang have been unsuccessful.

Files from previous Medusa victims are available on a website designed to resemble a technology news blog — a front of sorts. Unlike the Medusa blog, this site is not relegated to the dark web and does not require special tools to access. Download links are also posted in a channel on Telegram, the encrypted social media service that’s been used by terror groups and far-right extremists. Yet as of Friday afternoon, the files purportedly stolen from the Minneapolis district were not available for download on either platform. 

Data breaches from previous victims appear to be uploaded to the faux technology news blog about a month after their ransom expires, suggesting that the Minneapolis files could become available online after a brief lag. 


Still, in a statement on Friday, the district said it “is aware that the threat actor has released certain MPS data on the dark web today.” 

“We are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth and comprehensive review to determine the full scope of what personal information was impacted and to whom the information relates,” the district continued. “This will take some time. You will be contacted directly by MPS if our review indicates that your personal information has been impacted.” 

Early indications suggest the files contain…
