Ransomware Roundup: Cities and Schools Are High-Profile Targets

IT budget constraints and lack of dedicated resources make public networks used by cities and schools enticing targets for cybercriminals. These recent cases show just how fast ransomware attacks can disrupt unprepared organizations.

• Oakland, CA declared a local state of emergency after a Feb. 8 ransomware attack because of the impact of a ransomware attack forced the city to take all of its IT systems offline. The incident did not affect core services including 911 dispatch and fire and emergency resources, but many systems taken down immediately after the incident to contain the threat are still offline. The ransomware group behind the attack is currently unknown, and Oakland officials have not released details on ransom demands or possible data theft.
• A late January attack forced schools to work online after hackers held data hostage from Tucson Unified School District, the largest district in southern Arizona. Staff across the district found a letter in their printers claiming the system was hit by Royal ransomware and the district’s data was allegedly encrypted and copied. It took nearly two weeks for network access and systems to be restored, and the district says it has increased its cybersecurity.
• Nantucket public schools were forced to close for several days after a ransomware attack in late January, as the district shut down all student and staff devices as well as the school system’s safety and security systems, including phones and security cameras.

As a response, the Cybersecurity and Infrastructure Security Agency released a plan to help schools strengthen their cybersecurity. Considering the resource and budget hurdles districts tend to face, it recommends small steps, encouraging organizations to start with a “small number of prioritized investments,” like setting up multi-factor authentication, creating and testing an incident response plan and implementing cybersecurity training. It’s never a bad time for your organization to get up to speed on the latest cyber strategies. Register now for our Cyber Resilience course and discover how business continuity and cybersecurity must integrate within every organization, using the five elements of cyber resilience: prepare/identify, protect, detect, respond, and recover. Collectively, these concepts and the resulting action plans will help to develop a strategy to effectively respond to unforeseen events and get your organization back up and running as quickly as possible.