The Department of Education issued a security alert stating that multiple schools have reported that they have suffered ransomware attacks. Ransomware is a type of malware that uses encryption to block access to a computer system unless a ransom is paid. Ransomware is commonly embedded in email attachments that infect a computer when opened. However, the Department of Education states that phishing attacks have been the primary method used in these reported cases, where the attackers used phishing schemes to gain access to account credentials and then used those credentials to install the ransomware.
The Department of Education recommends that schools implement the following cybersecurity practices to protect against such attacks:
- Establish a data backup process, ensure the backups are available and accessible, and store the backups offline
- Implement multi-factor authentication to mitigate account compromises
- Regularly patch hardware and software
- Continuously monitor institutional network to detect unauthorized access and malware
- Create and update your Incident Response Plan
- Ensure training resources emphasize phishing, as it is frequently the compromising entry point for cyber attacks
The Department also reminds schools that ransomware attacks should be reported immediately to the FSA security team.