Cyber Extortion On The Rise In Education

As remote working systems become vital to the existence of every company, learn ways to help prevent ransomware and increase online security.
It comes as no surprise that ransomware has increased significantly during the pandemic, as remote working systems become vital to the existence of every company. Criminal groups known as ‘ransomware gangs’ actively hunt for vulnerable organizations and encrypt their data, then extort the institutions for the data’s return. Many education institutions have now experienced an attack of this sort, and some have publicly refused to pay the ransom, leading to ransomware gangs publishing the data they have stolen on the dark web.

According to new research by Microsoft, ransomware gangs are changing their tactics. They will sometimes lie dormant after breaking into an institution, and then activate their ransomware at a future date when the institution can least afford the downtime or exposure. The recent increase in ransomware is evidence of groundwork laid by these groups over the last 12 months.

How can we prevent ransomware?

If there were a simple solution, ransomware would not be the issue that it is. A good starting point is reading Microsoft's most recent ransomware guidance. It lays out how different ransomware groups operate and the techniques that prevent them from taking control of the systems that you manage.

Unpatched RDP servers are the most common way ransomware gangs get in.

As you might expect, the solution is complex. From a higher-level point of view, there are a couple of actions that we can prioritize to limit the overall risk of ransomware:

  • Practice a ransomware drill. Whom do you call? Who provides immediate assistance? How do you get contact information if all the computers have been locked? Preparation can massively reduce the time to recovery.
  • Up to 90% of ransomware encryptions start with exposed RDP boxes. Ensure that any remote access service like this requires both a VPN and two-factor authentication to access. Do any of your servers show up on www.shodan.io?
  • Reduce access wherever possible, and avoid users with administrative access. Ransomware gangs can only steal what they can access.
  • Use reputable cloud vendors to store and process your data. Only keep locally what you can secure with confidence.
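
One way to check the RDP point above against your own perimeter, as an added example that is not part of the original article: the script audits an exported list of inbound firewall rules and reports any rule that allows TCP 3389 from a source outside the VPN address pool. The rule format, rule names, hostnames and address ranges are all constructed for illustration and do not match any particular firewall's schema.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample: inbound rules in a hypothetical, vendor-neutral export
# format. Map your own firewall's export onto these four fields.
SAMPLE_RULES = [
    {"name": "rdp-from-anywhere", "action": "allow", "source": "0.0.0.0/0", "ports": "3389", "dest": "housing-db01"},
    {"name": "rdp-from-vpn", "action": "allow", "source": "10.8.0.0/24", "ports": "3389", "dest": "housing-db01"},
    {"name": "mgmt-range", "action": "allow", "source": "198.51.100.0/24", "ports": "3000-4000", "dest": "housing-app01"},
    {"name": "https", "action": "allow", "source": "0.0.0.0/0", "ports": "443", "dest": "portal"},
    {"name": "old-rdp-block", "action": "deny", "source": "0.0.0.0/0", "ports": "3389", "dest": "lab01"},
]
VPN_RANGES = ["10.8.0.0/16"]  # assumption: the pool your VPN hands out to clients


def covers_port(spec, port=RDP_PORT):
    """True if a port spec such as '443', '3000-4000' or '22,3389' includes port."""
    for part in str(spec).split(","):
        part = part.strip()
        if part in ("*", "any"):
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def exposed_rdp_rules(rules, vpn_ranges):
    """Return (name, dest, source) for allow rules admitting RDP from outside the VPN."""
    vpn = [ipaddress.ip_network(r) for r in vpn_ranges]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or not covers_port(rule["ports"]):
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        # A source is acceptable only if it sits entirely inside a VPN range.
        if not any(src.version == v.version and src.subnet_of(v) for v in vpn):
            findings.append((rule["name"], rule["dest"], rule["source"]))
    return findings


if __name__ == "__main__":
    for name, dest, source in exposed_rdp_rules(SAMPLE_RULES, VPN_RANGES):
        print(f"RDP reachable without VPN: rule={name} dest={dest} source={source}")
```

Wide port ranges are flagged as well as exact matches, since a rule such as 3000-4000 exposes RDP just as a rule for 3389 does.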

How StarRez protects you from ransomware

We think a lot about ransomware and disaster recovery in general, both because we take significant precautions to protect our local network and because we are often the only system left standing when an on-premises incident has occurred in a housing office. A key advantage of external cloud vendors is the separation that comes from having that data stored in a different environment. As long as you are confident in your cloud vendor's security arrangements, they can reduce your exposure by being an independent system.

StarRez devotes much time to securing our cloud. Many technical controls need to be adjusted and updated as browsers roll out new security features, and our ability to deploy rapidly across cloud environments enables us to use these features. We also benefit from an additional layer of protection by being a SaaS company. Our customers' access credentials don't provide access to the underlying resources, so a ransomware gang can't encrypt the data in the same way as they would locally. Stolen credentials can still allow them to access data held in cloud vendors, so there has never been a better time to make sure you are using two-factor authentication for any sensitive login.

It takes a community

The rise of cybercrime and ransomware attacks highlights some of the changes occurring in the IT ecosystem. Protecting against attacks like these will require more companies to focus on protecting their part of the supply chain. Hardware companies will need to harden the equipment they provide to data centers. Companies like Microsoft will set the platforms that run on top. Companies like StarRez will secure the applications that run on those PaaS resources, housing offices will secure access to that data, and the end-user will need to secure their personal information and login details. The eventual solution will be a community effort, and StarRez is committed to being part of that.

Rafe Hart
Rafe is the VP Security for StarRez. He loves technology and working with people. He leads agile teams and projects of all sizes.
