Active Ransomware Campaign Targeting Education Institutions

By Michelle Hon Donovan

The Department of Education issued a security alert stating that multiple schools have reported that they have suffered ransomware attacks. Ransomware is a type of malware that uses encryption to block access to a computer system unless a ransom is paid. Ransomware is commonly embedded in email attachments that infect a computer when opened. However, the Department of Education states that phishing attacks have been the primary method used in these reported cases, where the attackers used phishing schemes to gain access to account credentials and then used those credentials to install the ransomware.

The Department of Education recommends that schools implement the following cybersecurity practices to protect against such attacks:

  • Establish a data backup process, ensure the backups are available and accessible, and store the backups offline
  • Implement multi-factor authentication to mitigate account compromises
  • Regularly patch hardware and software
  • Continuously monitor institutional network to detect unauthorized access and malware
  • Create and update your Incident Response Plan
  • Ensure training resources emphasize phishing, as it is frequently the compromising entry point for cyber attacks

The Department also reminds schools that ransomware attacks should be reported immediately to the FSA security team.

Cybersecurity Update: Protecting Student Data Critical to Continued Participation in the Federal Student Aid Programs

On February 28, 2020, the U.S. Department of Education’s Office of Federal Student Aid (FSA) issued an electronic announcement regarding the enforcement of the Gramm-Leach-Bliley Act’s (GLBA) cybersecurity requirements for all institutions of higher education participating in the Title IV, Higher Education Act (HEA) federal student financial aid programs and their third-party servicers. The announcement states that auditors are expected to evaluate three GLBA information safeguard requirements in annual compliance audits of postsecondary institutions and third-party servicers. Any finding of noncompliance will be sent to both the Federal Trade Commission (FTC) and the FSA’s cybersecurity team for further investigation and potential adverse action. All Title IV participating institutions should consult with counsel about the very serious consequences and administrative actions that may be taken if they or their third-party servicers fail to meet the GLBA’s information security requirements.

To read the full text of this Duane Morris Alert, please visit the firm website.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress