To inform proactive ICT planning for the 2019/20 academic year, and following our previous guidance on schools and ransomware, this is a blog and accompanying webinar from our expert Online Backup partners Redstor.
Ransomware – a threat for all schools
Ransomware has been a growing threat since 2016 and cyber-criminals are today purposefully targeting schools, knowing the value and sensitivity of personal data they hold and the need to recover it quickly. Criminals typically demand that ransoms are paid in crypto-currency, whilst the amount demanded can range from thousands to millions of pounds.
A Ransomware attack is a malware-attack that infects a user’s device, encrypting data or the system itself and demanding a ransom is paid for access to be returned.
This informational webinar is brought to your school or MAT by Redstor and School Business Services (SBS)
Ransomware attacks often rely on fooling a user on the network into unwittingly executing the ransomware virus. The top causes of this are staff opening malicious email attachments or visiting malicious websites. In 2016, these accounted for 82% of all ransomware infections. While cyber-security solutions are evolving to deal with the threats of ransomware attacks, cyber-criminals are developing strains to actively beat anti-virus software and remain undetected in systems for longer before infecting data.
The return of WannaCry
One strain of ransomware that has caused major issues for organisations of all sizes over the years is WannaCry. Grabbing headlines in the process, the WannaCry strain of ransomware infected in the region of 300,000 organisations in May 2017, in just 3 days.
The speed of the attack and range of organisations hit meant that the effected were felt across the globe and first brought ransomware to the attention of many. The continued use of the strain could be down to its effectiveness and the ease at which it can be deployed, email being the easiest way.
In addition to monitoring machines and utilising antivirus protection, it is vital that organisations regularly update and patch machines. This ensures the latest vulnerabilities discovered by manufacturers and software vendors are made secure, ensuring cyber-criminals cannot exploit them.
A threat to all data
Ransomware strains typically encrypt data on a file server or network, rendering it inaccessible until a ransom has been paid.
This leaves users with two choices: pay the ransom, hoping that the perpetrators adhere to their word; or restore systems from a previous backup. However, with ransomware strains evolving to make them more effective the method of restoring data from a backup can be at risk too. Many variants of ransomware are designed to attack specific file types.
There are some strains that perform volume-level encryption or that attacks all files, regardless of type. Therefore, any backup that’s directly accessible through a computer’s file system is vulnerable to ransomware. Ideally, a backup application should be able to pull data from a protected host without that host requiring a direct mapping to the backup.
Securely backing data up off-site or at least off of a primary network adds a layer of resiliency that on-site backups don’t, ensuring backup sets are available on-demand.
Public cloud offerings can also be put at risk from ransomware and malware strains, with corrupted data or malicious files being accidentally stored or accessed in platforms.
Staying protected against the threats of Ransomware
Protecting against the threats of ransomware and other cyber-threats should be a priority for schools, colleges and trusts, the threats themselves can cause downtime and disruption but the truth is, if vital work, lesson planning and course work cannot be recovered then almost everyone within a school environment will feel the negative effects.
Once it has targeted your server, the ransomware will seek and infect all onsite data storage, as depicted above.
Ransomware strains have been developed to identify and encrypt on-site backups, making it even more vital to ensure that a secure off-site copy of data that cannot become infected exists.
Redstor and SBS are here to advise
If your systems were infected by a ransomware attack, would you be able to recover your data?
Redstor have helped hundreds of schools recover from ransomware without paying a ransom. By instantly streaming data on-demand, Redstor eliminates downtime and ensures that users can access data when they need it most.
The SBS Procurement team works in partnership with Redstor to deliver a complete solution for customers. If your school would like to discuss eSafety in detail, please call 0345 222 1551 • Option 7 or email procurement@schoolbusinessservices.co.uk.
For more information on Redstor visit their website. See the webinar on YouTube.
Do you need to buy new desktops and laptops for your staff and students? Schools can save up to 40% on equivalent new models by purchasing quality refurbished ICT hardware from SBS.
Used by over 900 schools, SBS Online is a secure, cloud-based budget management system, incorporating budget planning and monitoring in one easy to use interface.
Ideal for schools, academies and MATs, our Managed Service for Finance & Business provides peace of mind that day-to-day operations are managed by a strong, experienced team.
Please be advised that schools have received emails today claiming that there is a student onsite with a bomb and are demanding $5,000.
We have contacted the anti-terrorism unit and they are treating this as a generic hoax as hundreds of schools have received the same email. They are not recommending schools evacuate.
Please be advised that schools have received emails today claiming that there is a student onsite with a bomb and are demanding $5,000.
We have contacted the anti-terrorism unit and they are treating this as a generic hoax as hundreds of schools have received the same email. They are not recommending schools evacuate.
Please be advised that schools have received emails today claiming that there is a student onsite with a bomb and are demanding $5,000.
We have contacted the anti-terrorism unit and they are treating this as a generic hoax as hundreds of schools have received the same email. They are not recommending schools evacuate.
Please be advised that schools have received emails today claiming that there is a student onsite with a bomb and are demanding $5,000.
We have contacted the anti-terrorism unit and they are treating this as a generic hoax as hundreds of schools have received the same email. They are not recommending schools evacuate.
Please be advised that schools have received emails today claiming that there is a student onsite with a bomb and are demanding $5,000.
We have contacted the anti-terrorism unit and they are treating this as a generic hoax as hundreds of schools have received the same email. They are not recommending schools evacuate.
Please be advised that schools have received emails today claiming that there is a student onsite with a bomb and are demanding $5,000.
We have contacted the anti-terrorism unit and they are treating this as a generic hoax as hundreds of schools have received the same email. They are not recommending schools evacuate.
Following the recent NHS Ransomware crisis, as well as many other organisations being impacted, we feel it is important to send out an update on this subject.
Following on from our blog last month about schools receiving Vishing (‘Voice phishing’) phone calls from fraudsters posing as ‘Department of Education’ officials, please be aware that school staff are receiving phishing emails posing as headteachers that request payment transfers. What activity has been reported? A member of staff (such as the School Business Manager) […]
