School is different this year. Technology isn’t an add-on used to enrich education; technology is an essential service for delivering education. The impact of ransomware attacks is made much more severe by this increased dependency.

Unfortunately, hackers are aware of this and have increasingly targeted school systems with ransomware. The latest victim was the Baltimore school district, which was forced to shut down prior to Thanksgiving.

Unlike other forms of malware, ransomware doesn’t attempt to steal sensitive information such as passwords. Rather, ransomware encrypts filesystems and then requests a ransom payment in order to provide the decryption key to make the data accessible again.

Defend Against Ransomware

To avoid being affected by ransomware, organizations should make sure their systems have the latest security patches installed. In addition, firewalls, spam blockers, and other technology should be used to prevent dangerous email from entering the network and to keep users from accessing dangerous sites.

A well-tested backup and recovery process is another important component of ransomware defense strategies. In many cases, recovering from ransomware will require restoring an undamaged copy of the data. To make sure the process will work when needed, the backup process should be scheduled to run regularly, with failure alerts monitored and the problem corrected. Backup copies should be stored separately from production data to prevent their being encrypted by ransomware. Advanced backup tools ensure that the backups are immutable, ensuring the malware cannot damage the data needed for recovery. In addition, the disaster recovery process should be tested to make sure the organization knows how to find and restore the needed data.

Recover from Ransomware

It may seem paying the ransom will speed the recovery process, but organizations should avoid that temptation. There is no guarantee that a working decryption key will be provided after the payment is made, and organizations that pay leave themselves vulnerable to future ransomware attacks with higher ransoms.

Instead, organizations should take steps to prevent the malware from spreading and then restore from backup. This requires:

• Isolating affected computers. Computers that have been infected by ransomware should be removed from the network so they cannot spread the malware to other computers. In some cases, it’s prudent to shut down and isolate other devices that shared the network as well.
• Locate and install and uncorrupted backup. In some cases, the ransomware may have infected a system and corrupted files written to backup devices. In other cases, the ransomware may have had the ability to encrypt backup devices as well. It cannot be assumed the most recent backup is valid.

Prescient Solutions provides affordable IT services to school systems, with a unique shared services model that allows even small systems to access IT support from certified experts. Whether your district needs to recover from ransomware or build out your network to provide more robust delivery of remote learning, Prescient Solutions has the capability and experience to meet the challenge. Contact us to learn why IT for education from Prescient Solutions will help you keep your students learning.