Recent Attacks on Education and Government Inflict Harm on Unprepared Organizations
Digital threats come and go. But for the last five years, ransomware has evolved from a rare nuisance to a serious burden to a significant existential threat for businesses and organizations across North America. Defined as an infection that allows hackers to gain access to data, encrypt it, and then threaten to withhold access to it until a monetary ransom is paid, ransomware made international headlines last week.
First, Lincoln College, an educational institution in Illinois that opened its doors in 1865, announced that it would permanently close after failing to recover from a December 2021 ransomware attack. On the same day, the Central American country of Costa Rica declared a national state of emergency due to ongoing ransomware attacks that, since April, have targeted federal tax collection, customs, human resources, and labor ministries.
Both ransomware infections were attributed to foreign hacking organizations: Lincoln College’s by an outfit based in Iran and Costa Rica’s by the Russian-speaking Conti gang. The two stories diverge, however, in the response to the ransomware infection. Lincoln College reportedly paid upwards of $100,000 to retrieve its stolen data, while the government of Costa Rica has so far not paid any ransom, leaving several of its critical online systems crippled for weeks on end.
Why These Targets—And Why Now?
However, Lincoln College didn’t retrieve its recruitment, retention, and fundraising information for nearly four months after the initial ransomware infection was detected. By the time its data was restored, significant enrollment shortfalls forced the school to suspend normal operations and announce the closure, disappointing thousands of students, faculty, and alumni who took pride in their Lincoln College roots.
As for the Costa Rican attack, government officials claim their country has been targeted by “cyberterrorists.” The strain of ransomware, called “Conti,” that has affected the country is now the costliest variant ever documented, the FBI says. Since January 2022, more than 1,000 victims of attacks have paid more than $150 million in ransom, and the US State Department is currently offering a $10 million reward for information leading to the identification of the Conti group.
Hackers around the world have used ransomware to attack British hospitals, Chinese universities, German railways, Russian banks, Indian airlines, the Japanese police, and utility companies across the United States. Smaller businesses are increasingly being targeted, as well; in 2020, more than 20% of all ransomware attacks struck small companies and mid-sized cities like Baltimore and New Orleans.
Local schools and hospital networks have also been targeted, as the critical nature of day-to-day IT operations often forces leaders to pay quickly for access to stolen data. In 2021, 1,043 schools in the U.S. were the victims of ransomware attacks, and the average cost of a ransom attack directed at a college or university is roughly $115,000. Compare that to the $5 million paid by fuel and gas company Colonial Pipeline in 2021 to recover data stolen in a ransomware attack.
How to Protect Your Organization
It’s tempting to feel overwhelmed by these attacks, especially as they increase in frequency and impact. Since it only takes one click on one malicious link or one download of an illicit file for ransomware to take over IT systems, it’s easy to assume that there’s no good way to protect your business.
But there are actually several key steps that can build extra layers of protection around your system. Here are five that CMIT Solutions recommends:
1. The most important component is reliable, regular, remote, and redundant data backups. The common thread in every ransomware attack that sees a company pay an actual ransom to actual hackers is the lack of trusted data backups. When these are in place, recovery can be quick and relatively painless: a trusted IT provider can help you remove the ransomware from infected computers, wipe all affected systems clean, retrieve data from its latest backup point, and reinstall everything you thought you had lost.
2. Those data backups are only as reliable as the process by which they can be recovered. Lots of businesses practice their disaster recovery and business continuity plans in advance of natural disasters like hurricanes, fires, or floods. But preparation can be critical in the face of manmade disasters like ransomware, too. If data retrieval protocols are in place, then reviewed and tested ahead of time, your company can often bounce back from a ransomware infection in mere hours. But your incident response plan has to be in place before disaster strikes. If it’s not, your employees will be left scrambling to react to a crisis instead of calmly responding with steps they’ve already practiced before.
3. Real-world cybersecurity awareness training can prevent infections. This type of ongoing education may seem redundant—until one of your employees uses a tactic he or she learned in advance to identify a spam email, report a phishing attempt, or spot a malicious web ad. Simulation training can empower your staff with practical and pragmatic tips to stop ransomware, while step-by-step checklists outlining what to do in case a suspected ransomware infection begins can isolate an issue before it spreads to connected devices.
4. Enhanced credentials and login protocols can block unauthorized account access. We often discount the power of a strong password or shrug off the annoyance of multi-factor authentication (MFA), but beefing up your digital identity is always a good idea. Stealthier and more sophisticated forms of ransomware are now attempting to gain unauthorized access to a user’s computer, either by guessing weak passwords or compromising credentials for one account and then attempting to use them to log in to other accounts. MFA, which requires a user to enter both their password and a unique code usually delivered via text and email, and single sign-on (SSO) apps) can mitigate these issues, though. Business-grade password managers can also solve the “password123” dilemma, creating random passwords for different accounts but requiring users to memorize just one core master password.
5. Dedicated support can strengthen your overall cybersecurity situation. Working with a trusted IT provider can make a world of difference. First and foremost, every good technology partner will insist that you have reliable data backups in place. In addition, smart cybersecurity experts will devote extra time and manpower to anticipating the next ransomware strain or point of attack. Sometimes these pop up via vulnerabilities in outdated software or weakened network settings—IT components you may not know how to look for. But a knowledgeable partner can help you anticipate these issues, prepare for attacks, and mitigate the impact of any infection with a multi-layered approach that includes content filtering and traffic analysis, SSL decryption and inspection, 24/7 monitoring, threat detection, and endpoint detection to scan for attacks.
At CMIT Solutions, we aren’t surprised by the continuing proliferation of digital threats like ransomware. Americans connect to the Internet using hundreds of lightly protected devices every second, which is why we continue to fight back by defending data, securing networks, and empowering our clients to take cybersecurity seriously.
We’ve spent 25 years protecting businesses of every size in every industry. Whether you work in education, government, finance, law, or any other vulnerable vertical, we have the experience necessary to keep you safe from ransomware. Contact us today to find out more.