On Tuesday, August 8th, 2023, the White House held a cybersecurity summit to address a recent wave of ransomware attacks targeting U.S. schools.
According to The Hill, at least 48 school districts have been victimized by ransomware attacks in 2023. Data from the Government Accountability Office (GAO) indicates that more than 1.2 million students were impacted.
“If we want to safeguard our children’s futures, we must protect their personal data,” first lady Jill Biden, who is a community college educator, said. “Every student deserves the opportunity to see a school counselor when they’re struggling and not worry that these conversations will be shared with the world.”
Ransomware remains a serious issue for government institutions.
The majority of effective ransomware groups are based outside of the United States — and many speak Russian, although there’s no evidence that the Russian government is directly sponsoring the attacks.
But the U.S. federal government has limited capabilities to arrest foreign cybercriminals. Federal authorities recommend utilizing strong security and privacy controls to stem the flow of ransomware, but many K-12 systems use relatively basic controls with improper implementations.
Those factors have made schools especially strong targets for bad actors. Unfortunately, affected institutions have limited options: Paying for ransomware is often illegal, and ransomware recovery — while possible in many circumstances — results in downtime.
And if bad actors can access compromised data, the consequences may be dire for K-12 students and staff.
“Do not underestimate the ruthlessness of those who would do us harm,” Homeland Security Secretary Alejandro Mayorkas said during the summit.
Related: 4 Common Ransomware Attack Vectors
CISA will increase security assessments for the K-12 sector.
The Cybersecurity and Infrastructure Security Agency (CISA) has pledged to increase assessments, while technology partners including Google and Cloudflare have offered to support the efforts.
Additionally, the Federal Communications Commission (FCC) has proposed $200 million over the next three years, earmarked for improving security on school IT systems.
CISA has also released guidance documents for K-12 institutions. At the summit, the agency promoted its Building Technology Infrastructure for Learning guidance, which includes mitigation techniques for preventing phishing and other common ransomware attack vectors.
All organizations are at risk of ransomware attacks.
Ransomware continues to threaten U.S. businesses and government offices, and that won’t change in the near future.
One report from Cybersecurity Ventures predicts that ransomware attacks will cost U.S. targets $265 billion annually by 2031. In 2021, the estimated cost was $20 billion, but because of the sensitive nature of ransomware attacks, analyzing the true cost is difficult.
Datarecovery.com provides ransomware recovery and mitigation solutions.
If your organization falls victim to a ransomware attack — or you’re ready to prepare a mitigation strategy — we’re here to help. Datarecovery.com provides ransomware recovery, investigation, and penetration (PEN) testing services to aid organizations of all sizes as they adapt to new cyberthreats.
To learn more, call 1-800-237-4200 and speak with a ransomware expert. If you’re weighing recovery options for a recent ransomware attack, you can also submit a case online.