In September 2020, a ransomware attack forced 6,000 elementary students to shutdown learning at the Newhall School District. Newhall isn't alone. In addition, Harford Public School, Miami Dade County, Haywood County School district in North Carolina are others that experienced similar circumstances. 

With ransomware surging nearly 110% and no end in sight for remote learning, the environment is ripe for cyberattacks to escalate. To get some insight, we spoke to Dmitriy Ayrapetov, Vice President of Platform Architecture at SonicWall.

Security magazine: What is your title and background?

Ayrapetov: I am currently Vice President of Platform Architecture at SonicWall after having been in various product management and engineering roles at SonicWall over the past 15 years. Before that, I was a software engineer at two Silicon Valley startups, the latter of which was acquired by SonicWall in 2005. I graduated from UC Berkeley with a degree in Cognitive Science, which is an interdisciplinary field bridging neuroscience, psychology, linguistics, philosophy, and computer science. I was also a member of the varsity swim team doing sprint butterfly. I returned to UC Berkeley ten years later for my MBA at the Haas School of Business. 

My passion for computers and technology started out early, as both of my parents were software engineers, which provided me with an ample supply of punch cards to play as a kid. Around 1994, my father got me a computer and a Netcom internet connection and let me run wild. Shortly after, I had my first exposure to computer security when I sent a trojan-ed game to my friend and had his computer interject into our phone conversation. I did let him in on what was happening eventually, so it was all good fun.  

Security magazine: Why are K-12 school districts prime targets for cybercriminals?

Ayrapetov: Cybercriminals have increased focus on K-12 districts because they tend to be easier targets than enterprises and because their continued operation online has become “critical infrastructure” due to distance learning. Even though K-12 spending on cybersecurity reaches over $230 million annually, it remains one of the most under-funded sectors when it comes to cybersecurity. This lack of budget makes K-12 districts vulnerable to traditional types of attacks like phishing and DDoS attacks.

Students and teachers often aren’t aware of cyber risks or are too focused on operating in the new territory of distance learning that has come to dominate education since the COVID-19 outbreak. With the volume of new notifications such as updates, systems, logins, automated messages from the online learning platforms and assignment confirmations, that are flowing through email, it’s easy to slip in something authentic-looking and deliver malicious links. Both students and teachers may not necessarily be on high alert to keep an eye out for phishing scams, which could lead to them clicking on a malicious link.

At the same time, downtime that can be brought onto a school district with ransomware is now especially painful since it completely halts all instruction, making the districts more likely to pay a ransom just to get operations back online.   

Security magazine: What are some of the current cybersecurity vulnerabilities K-12 districts are experiencing?

Ayrapetov: This year alone -- from Baltimore, MD to Hartford, CT to Miami, FL -- K-12 schools have been pummeled by ransomware attacks. Even though ransomware attacks have been around for years, hackers are now using ransomware to target sensitive, personal student and employee data that lives in abundance on school networks. Without access to the right cybersecurity resources, districts’ unpreparedness makes it difficult to protect against these types of attacks.

Beyond ransomware, cybercriminals still target K-12 districts through common threat vectors like emails, PDFs and Office documents. Without the right protections in place, students also commonly fall victim to social engineering, phishing attacks and email fraud. Data breaches are another serious risk, as students, parents and teachers increasingly use personal devices on less secure, at-home networks.

Security magazine: In your opinion, why do so many school districts end up paying the ransom?

Ayrapetov: To start, I don’t recommend that schools ever pay ransom. However, some schools will because it’s simply impossible for a school to function in the world of distance learning.  While ransomware or another cyberattack would be devastating in normal times, instruction would continue in person. With today’s reality of distance learning, a cyberattack can bring the entire operation to an absolute halt. Hartford public schools had to delay their first day of school because of a ransomware attack. With hackers threatening to publish students’ personal data on the dark web, sometimes as young as first grade, schools feel obligated to pay the ransom to protect their students’ private information. This is the extortion angle that I mentioned earlier – it’s a novel and a clever technique to ratchet up the stakes for the victim.

Cybercriminals know that ransomware is effective, so unfortunately, we’re seeing it evolve and continue to surge. In 2020, we’ve seen a nearly 140% spike in ransomware attacks in the U.S. (a 40% increase globally) which points to the fact that cybercriminals are using more sophisticated types of cyberattacks to target less prepared victims like K-12 schools. The proliferation of ransomware-as-a-service sites have lowered the barrier to entry into the ransomware game, allowing people without higher technical skills (they’re called script kiddies – that’s what I was when I sent that trojan to my friend over 20 years ago) to also conduct ransomware attacks.

Of course, we cannot focus solely on defense. I like Dan Geer’s analogy that we should treat cybersecurity and internet connectivity like electricity. A lot goes into prevention of an outage, but also can bounce back quickly and resume operation when there is an outage. In the case of electricity, there are UPSs and backup generators. In the case of cyber security and ransomware, it is the existence of properly set up and regularly tested offline backups along with ongoing security training and assessments.
 

Security magazine: How can school districts and online-learning platforms understand cybersecurity infrastructure to protect remote-learners from ransomware?

Ayrapetov: At this time, it’s critical for school districts and online-learning platforms to understand the implications of weak cybersecurity infrastructure and take critical steps to protect at-home learners and their endpoint devices.

Online-learning platforms and academic institutions alike must take it upon themselves to enhance cyber awareness throughout their organization and practice good cyber hygiene. This is not only important for protecting students' sensitive data, but also for ensuring business continuity. Administrators should deploy cloud-based security services to protect their entire school district from advanced email threats, regardless of location, and secure sensitive student and employee data by enforcing multifactor authentication, strong encryption, data protection and compliance policies.

School districts must also consider deploying endpoint protection capabilities to secure devices that connect and interact with school applications and data in the age of remote learning. Endpoint protection platforms are critical for protecting devices against malware and enabling continuous behavioral monitoring.