Iowa School Districts Fall Victim to Ransomware

In response to an apparent ransomware attack on a Cedar Rapids-area school district, Aureon offers eight recommendations and a free risk assessment to Iowa schools.

Articles published September 26, 2022

Iowa school administrators are justifiably concerned after a Cedar Rapids-area school was hit by an apparent ransomware attack. Although school officials are yet to confirm the attack, local news outlets are sharing a screenshot from a school computer that shows a threat that, in part, says, “all your files have been encrypted by Vice Society.” The threat goes on to say that data will be shared on the dark web unless an undisclosed amount is paid.

At stake is potentially sensitive student and staff data finding its way into the hands of bad actors, making those people vulnerable to cybercriminals. Additionally, with most ransomware attacks taking 2-4 weeks to resolve, the district may not have time to restore their systems before the start of the school year.

What is Ransomware?

Ransomware is malware that encrypts files on a computer or network. Cybercriminals use this malware to deny institutions and businesses access to their own computer data and then “ransom” the data back to the institution for an exorbitant amount.

These attacks are often so crippling and so difficult to resolve that paying the ransom is often the easiest and least-costly way to regain access.

Unfortunately, according to Security Week, 80% of companies that pay the ransom will fall victim again, and 40% will pay again; 70% of those will end up paying a higher amount the second time.

How Do Ransomware Attacks Happen?

Ransomware is often spread through phishing emails (fraudulent messages that appear to be from a reputable source) that contain malicious attachments. When the recipient opens the attachment, the malware has access to that device and any network it’s connected to.

Another common source is “drive-by downloading.” Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user's knowledge.

How To Protect Against Malware

The statistics on ransomware are startling. The FBI expects the ransomware industry to reach $1 billion for cybercriminals this year, and the government reports that more than 4,000 ransomware attacks happen every single day.

All organizations big and small are at risk for ransomware attacks and should have protocols to limit their risk. Aureon recommends eight steps to mitigate the risk of ransomware at your institution:

1. Employee awareness
2. Eliminate or disable automatic macros
3. Block internet ads
4. Update and patch your systems and software regularly
5. Limit administrative access
6. Have software restriction policy in place
7. Back up your data regularly
8. Have a response plan in place

Read more about how to prepare, protect, and defend your school from ransomware attacks at this link: Ransomware: Is Your Organization Prepared?

Is Your School at Risk for a Ransomware Attack?

In response to the apparent ransomware attack on a Cedar Rapids-area school district, Aureon is offering a complimentary risk assessment to all Iowa school districts.