Alert: BlackSuit Ransomware Strikes US Schools – Defend With These Security Measures

The Ransomware Strikes on U.S. Schools – Analysis

The BlackSuit ransomware cartel has claimed its first school district victim of 2024. Kershaw County School District (KCSD) in South Carolina, serving over 11,000 students, is allegedly under cyber attack.

BlackSuit claims to have 128GB of KCSD data, but no proof or samples have been posted. The district has not made any official announcements about the incident. This follows BlackSuit’s November 2023 attack on Henry County Schools in Georgia, which disrupted operations for days and exposed data of over 40,000 students and faculty.

What is BlackSuit Ransomware?

BlackSuit operates using a double extortion method that steals and encrypts sensitive data on a compromised network. So far, the specific use of BlackSuit ransomware has been observed in a small number of attacks.

The most recent suspected attack, in October 2023, was against a U.S.-based Healthcare and Public Health (HPH) organization whose servers and systems were encrypted with malware tentatively identified as BlackSuit, according to a Health Sector Cybersecurity Coordination Center (HC3) advisory.

One cybersecurity company also documented at least three attacks involving the BlackSuit encryptor, with ransoms below $1 million. The security agencies also noted that it is quite similar to Royal ransomware.

Impact of BlackSuit Ransomware Attacks on Schools

  • Disruption of educational activities: Ransomware attacks can cripple school operations, forcing closures, canceling classes, and delaying exams.
  • Data breaches: Sensitive student and staff data, including social security numbers, grades, and medical records, are at risk of being stolen and leaked.
  • Reputational damage: Ransomware attacks can damage a school’s reputation and erode trust among parents and the community.
  • Financial losses: Schools may incur significant costs to recover from ransomware attacks, including ransom payments, data recovery, and security upgrades.

Security Measures for Schools to Take Against Ransomware

  • Regularly back up data: Having secure, offline backups of critical data is essential for a quick recovery in case of an attack.
  • Educate staff and students: Cybersecurity awareness training can help everyone in the school community identify and report suspicious activity.
  • Patch systems promptly: Regularly update software and operating systems to fix vulnerabilities that attackers can exploit.
  • Implement strong passwords and multi-factor authentication: Make it harder for attackers to gain access to systems by requiring strong passwords and additional verification steps.
  • Invest in cybersecurity solutions: Implement endpoint protection, intrusion detection/prevention systems, and email filtering to proactively block cyberattacks.
  • Have an incident response plan: Develop a plan for how to respond to a ransomware attack to minimize damage and restore operations quickly.

Additional tips:

  • Conduct regular security audits: Identify and address vulnerabilities in your network and systems before attackers can exploit them.
  • Segment your network: Separate critical systems from other parts of the network to limit the spread of ransomware in case of an attack.
  • Use a reputable cybersecurity vendor: Partner with a qualified cybersecurity provider to get expert advice and support.

By taking these security measures, schools can significantly reduce their risk of falling victim to ransomware attacks and protect their students, staff, and data.

It’s important to remember that cybersecurity is an ongoing process, and schools need to update their computers continuously to stay ahead of evolving threats. By prioritizing cybersecurity, schools and organisations can create a safe and secure learning environment for everyone.
