I was looking at twitter and found an article talking about Las Vegas schools now being targeted with ransomware. The problem with this particular attack however, is that while the school system didn’t pay the ransomware demand, the data is reported to be on the surface and dark web. The surface web is the web we browse every day. The dark web is the web that is accessed through the TOR browser which we talked a little bit in our last post.
How do we hold these schools accountable?
Let us find a way to hold the school systems responsible in the first place. While patching and keeping data safe is key, the fact is that this database of student information including names, dates of birth, grades, and school attended are publically available in a database that is not protected by a password. Today, you just can’t do that, none of my customer information is available to the public internet, it never has been. This is where the school failed.
Its OK to make that kind of mistake if you are made aware of it and close it. But then you get hit with ransomware, usually delivered by Spam Email, and the entire network is owned.
What about the criminals?
Cybercriminals behind the Clop, DoppelPaymer and Sodinokibi are really doing their jobs here, and this can’t be good.
Other articles that might be of interest in this series
- Are schools protected from threats? Article syas not so much September 2019
- Are schools next in the cyber race? January 4, 2017
- An update on the school situation with ransomware January 6, 2017
In that 2019 article I relink the 2017 Valley College articles as that effected me when I was at Valley College taking some non-credit courses as part of where I was at that time. What about this 2020 article in July called This is interesting, a study of k-12 and college breaches by the numbers where school systems were surveyed? What can we do?
Lets Get to work
First, if it is at all possible, lets get articles like these out to the administrators of these schools. If they can see what is going on in the landscape, they might be wondering what they can do. Then we can ask them about what they plan to do about their own student data whether it is elementary, middle, high or college student personally identifying information. This search page from the blog has postings about schools where podcasts mentioning them, plenty of articles, and I’m sure this NCSAM article will end up going too.
The main article here which I will link to in a moment talks about the various attacks through the last little while and some background. This is definitely something we need to be concerned about, especially if this article indicates that parents may sue the district or even the school. If that is the case, the system is going to be in a lot of trouble because of their neglegance of basic security issues.
The article that braught this post about is a September 29, 2020 article from threat post entitled Las Vegas Students’ Personal Data Leaked, Post-Ransomware Attack. Let us keep the pressure on by continuing to talk about stories like this because if we don’t, we’ll have bigger problems later. Your thoughts are welcome.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.