Cyberattack on L.A. schools shows bolder action needed to stop ransomware

A ransomware attack on Los Angeles Unified School district should be a wakeup call to the threat that persists to the nation’s critical sectors from cyberattacks and the need for more aggressive, concerted action to Protect them.

The breach of the nation’s second-largest school system, with more than 650,000 students and 75,000 employees, forced the shutdown of some of the district’s computer systems. The only good news is that there was no immediate demand for funds. schools Opened as per schedule on Sept. 6.

Ransomware attacks on The rise

The first thing I thought of when I heard about this incident was: Here’s another one. Ransomware attacks on public institutions like schoolsIn recent years, the number of hospitals and municipalities has been increasing. And it’s not just the number of these attacks but their nature that is so disturbing. They are especially offensive because they cross the border from economic crime. to It can disrupt the lives of ordinary Americans, or even put lives at risk.

In April, the U.S. Department of Health and Human Services released a warning Learn more “exceptionally aggressive, financially-motivated ransomware group” Hive, which attacks healthcare organizations, is also known. Hive has attacked dozens upon dozens of clinics and hospitals, including an Ohio hospital system. to Refuse to cancel surgery, divert patients or shift to Paper medical charts

Ransomware attacks on Since years, many municipalities in the United States have been running wild. A 2019 attack on Baltimore, for instance, has locked out city employees from their email accounts, and citizens are prevented from accessing the internet. to Their water bills, property taxes, or parking tickets will be paid. 2018 ransomware shut down most of Atlanta’s computer systems for five days, including some used to Pay your bills and get access to court records. Atlanta chose not to deliver a ransom for $52,000. to It cost taxpayers tens of million to rebuild its IT infrastructure. 

Cybercrime targets are growing

Now! schools are moving up the list of cybercriminals’ favorite targets. The FBI, Cybersecurity and Infrastructure Security Agency, (CISA), and Multi-State Information Sharing and Analysis Center, (MS-ISAC), discovered that the Los Angeles school district had been attacked two days later. warned It is likely that the Vice Society gang (which admitted to responsibility for the breach) and other malicious groups are responsible to Continue their attacks.

“Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal information regarding students and staff,” the agencies’ alert said. “The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks.”

What’s worse, every school district is in jeopardy, according to These agencies. “School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable,” The alert stated, but “the opportunistic targeting often seen with cyber criminals can still put school districts with robust cybersecurity programs at risk.”

According to A study Comparitech, a cybersecurity research company schools They were hit by a ransomware attack lose on On average, it takes more than four days to You will need to spend almost 30 days recovering from the downtime. These attacks are estimated to cost $3.56 trillion.

The vulnerability schoolsHospitals and municipalities are a matter of national concern. We should all be disappointed that incidents such as the Los Angeles incident have occurred. schools Attacks will continue to happen.

When it comes to ransomwareOur most important institutions are stuck in a repeat-and-repeat cycle. It is urgent. to be broken. But how?

U.S. government taking action on Security

The federal government has intervened in support of the K-12 Cybersecurity Act. Introduced by Senator Gary Peters, D-Mich., and signed by President Biden on Oct. 8, last year, the measure directs CISA to Learn about cybersecurity risks in elementary and secondary schools schools Recommendations to Get help schools Increase cybersecurity protection.

In the meantime, on November 2021, U.S. Government Accountability Offices (GAO) recommended CISA and the Department of Education collaborate to Create and maintain a plan for cybersecurity risk management at K-12 schools.

The last plan of its kind “was developed and issued in 2010,” The GAO stated that “since then, the cybersecurity risks facing the subsector have substantially changed.”

While these are potentially helpful starts, I’d like to More information about the fact that many school districts in the country have limited resources to Put towards cyber-defense and require more assistance

CISA and law enforcement need to urgently provide school districts and other critical areas with a simple, but powerful weapon: A standardized plan for responding and preventing crime. to attacks. The more detailed the plan, the better. 

CISA would be wise to Both internal and external cybersecurity experts can be engaged to Create a prescriptive playbook for municipal IT directors that they can take from the shelf and use. It can be used in a similar way to a recipe that anyone can follow. to make dinner. 

The playbook should specify the configuration settings that are required for access control mechanisms, end-user computing systems, and network devices. It should list the best cybersecurity tools. to How to deploy to Configure them and specify the types of audit logs you want. to Collect, where to Send them to us and let us know how we can help to Install tools to These are the best ways to analyze them to Stay ahead of the threat actors

Pooling resources to Cyberattacks on public institutions can be prevented

There are approximately one million cybersecurity professionals in the United States. However, there are only 715,000 open jobs. to Be filled by November 2021 according to to A report by Emsi Burning Glass (now Lightcast), a market research company. Governments have an opportunity in light of this. to They can pool their resources to Provide cybersecurity as a service instead to Each IT service provider has its own unique characteristics to This talent is scarce.

The governments will want it to set up a defensive cybersecurity and threat intelligence service that all of their local IT service providers can take advantage of — effectively, cybersecurity as a service. This would allow local IT service providers to be freed from the burden of having to manage cybersecurity and threat intelligence services. to Use their limited budgets and manpower to Instead of defending IT services, let governments do so to Pool their cybersecurity talent and fund to Provide a complete service to all. It would also be beneficial for governments to See cyberattacks from a variety of angles and learn about possible defenses. to all localities uniformly so that repeat attacks can’t occur.

School systems, and others, are currently too often left. to These are the most important things to remember on Their own can be dangerous. to Confusion, errors and wheel-reinventing.

It is easy to follow, but it is detailed.to-follow primary cybersecurity framework from the government’s top experts, however, no local entity would have to You can take it or leave it. to ransomware. They would like something more. to A car manual, which is a comprehensive list of accepted practices for preventing problems. 

Bottom line: Cybercriminals should not be able to target our precious public institutions. to penetrate. It is important that the country works harder to achieve this goal and should be pushing for it. to Make it so.

Michael Mestrovich serves as chief information security officer for zero trust data security firm Rubrik Ex-acting CISO at Central Intelligence Agency.