Ransomeware

Ransomware is a cyberattack that involves criminals encrypting files and rendering them unusable until a victim has paid a ransom. Photo Credit: ClipArt.com

It’s been a trying year for U.S. cities, but for Baltimore these problems didn’t just involve the pandemic, a more modern issue continues to plague the city—ransomware.

Ransomware, a cyberattack that involves criminals encrypting files and rendering them unusable until a victim has paid a ransom, has traditionally targeted the enterprise. However, in recent years the public sector has caught the eye of cybercriminals looking for easy paydays. In 2019, more than 100 local governments were hit with ransomware.

The City of Baltimore found itself on the receiving end of this trend in March 2018 when its dispatch systems were taken over for nearly 20 hours during a ransomware attack, and again 15 months later when it was hit by a strain dubbed, “Robbinhood,” costing the city nearly $20 million in recovery costs. However, in 2020 a new pursuit emerged that sought to take advantage of changes brought on by the pandemic— schools.

In 2020, ransomware hit more than 1,600 schools, and unfortunately Baltimore again found itself at the center of this trend. In November 2020 Baltimore County Public School System, a district that boasts over 170 schools, was shut down after an attack interrupted online classes for more than 100,000 students. This happened just a month before the FBI officially deemed ransomware in schools a problem, stating that nearly 60 percent of reported incidents in the fall involved K-12 schools.

So, why this sudden pivot to schools?

Unlike businesses, schools are working with little security resources— a recent study from IBM shows more than half of K-12 administrators and educators in the U.S. have not even received basic cybersecurity training. And with schools known to store sensitive data, from social security numbers to medical history, attackers can easily gain leverage for payment. These security weaknesses have only exacerbated with COVID-19— nearly80 percent of educators say they’re currently using online learning (some for the first time), which has opened up a  vast new attack surface, one cybercriminals are eager to take advantage of.

With such a devastating string of attacks behind the City of Baltimore, it’s easy to draw the conclusion that attackers are seeing something that keeps them coming back for more— and it could be our school’s large pockets. Maryland hosts some of the country’s most funded districts (something we’re very proud of)— Baltimore City, Baltimore County’s neighboring district made up of over 160 other schools, ranks as one of the highest— spending over $15,000 per-pupil.

One might think this would put the city at an advantage, but these funds are largely being used for things like administrative costs and other traditional expenses. A more modern approach to budgeting is needed that takes effective technology and cybersecurity into account. From a cybercriminal’s perspective, they have their perfect target— Baltimore schools have the funds to foot a ransom bill, not to mention how easy it could be to target nearby schools that share the same systems and tools.

So, what can be done to help protect The Greatest City in the World, and its more than 300 public schools, from more ransomware woes? While a dedicated cybersecurity budget is ideal, there are things that can be done now that will make a world of difference in the future. Our schools need to start acting as one and share resources and plans. Cybersecurity is a team sport and the more info you have, the better. One thing schools can share the cost in building is an incident response plan.

We all know schools have great plans for all kinds of incidents like fires, storms and other acts of God. Now is the time to add cybersecurity to the list. There is low-hanging fruit to be had, including providing training on things as simple as good password hygiene. Clear guidelines for video conferencing, device usage, secure Wi-Fi connections, software updates and email protocols are essential to make sure your faculty and students are staying safe in and out of the classroom.

Working with local law enforcement to open lines of communication early is critical. Also, there are so many free resources for schools out there— IBM is currently accepting applications for a cybersecurity education grant. Baltimore has a chance to stop being the victim here and turn the tables on attackers. It will take both public and private investment to make it reality. We owe it to our kids to protect their digital life as much as we do their physical safety.

Courtney S. Bromley

Courtney S. Bromley

Courtney S. Bromley, a proud citizen of Maryland, has been with IBM for more than 30 years serving federal, state and local government agencies. In her current role, she manages all the Federal Government (non-DOD/Intel) as well as the State and Local Government and Education markets across the U.S. as part of IBM’s US Federal and Public Sector Market. Her business units are responsible for IBM’s cross-brand execution with all the Federal, State and Local Agencies and Educational institutions including all IBM lines of business – hardware, software and services.