Holding data for ransom. It’s 2019 and this is the reality of what many schools, cities, and organizations are facing at an alarming rate. In September our small mountain town community was the latest victim in an increasing trend of ransomware attacks.
In Flagstaff, this attack targeted our Flagstaff Unified School District. Which forced the district to make an after-hours decision to notify parents that schools would be closed the following morning. Working parents scrambled to make childcare plans, frustrated by the late alert and somewhat confusing reasoning that was originally labeled a cybersecurity issue.
District officials have confirmed the situation is a ransomware attack — the attacker has demanded payment in bitcoin in exchange for the locked data. Source
Searching for Answers
Concerned parents took to social media trying to grasp some information on the situation, and any hint as to how great the threat was to their students. Information circulated relating to the cybersecurity issue and what that looked like on campuses around town. In short, online-automated systems were compromised, key card programs and computers were ineffective and schools could not guarantee campus security.
How Real a Threat
Flagstaff is not alone. Similar attacks occurred in New York, Florida, and Texas. Other communities around the country are facing these very same puzzling situations.
In the first half of the year, more than 50 cities or towns were the victims of ransomware attacks this year, according to a recent report from Barracuda, a cybersecurity firm. Indeed, two-thirds of more than 70 ransomware attacks tracked in the U.S. focused on local or state governments, according to the report. Source
The question was raised by many FUSD parents – why would anyone care to do this to our schools?
Smaller locations are at particular risk. Nearly half of the municipalities attacked had between 15,000 and 50,000 residents. A quarter had fewer than 15,000 residents, Barracuda said, noting that “smaller towns are often more vulnerable because they lack the technology or resources to protect against ransomware attacks. Source
What’s the Point
We’ve long known that our personal information is something to protect. Identity theft is on the rise, according to Consumer Affairs, “In 2018, the Federal Trade Commission processed 1.4 million fraud reports totaling $1.48 billion in losses.” But cybercriminals are getting more creative and seeking out large collections of personal information data in communities that may have a less secure security system.
What Can We Do
As adults, we’re faced with the reality of credit scores and credit card fraud and can take steps to monitor our personal information. But what about our children? According to the FTC, there are several steps we can take as parents to protect our children’s identity, including:
- Warning Signs
- Check for a Credit Report
- Repair the Damage
- Prevention = Protection
- Limiting the Risks of Child Identity Theft
- When Your Child Turns 16
Currently (at time of print) FUSD has not achieved success in securing critical FUSD systems. The ransomware threat remains. What is being held at ransom? We don’t know, and we may not. But we’ve learned a valuable lesson as a community – ransomware attacks are real and our information is valuable.