
Ransomware: Administrators, Faculty, Parents, and Students are at Risk

Written by Jack Britton | Jan 10, 2023 9:02:57 PM

Ransomware is more personal than just its impact on the business; the availability of people's data increases the chances of identity theft, personal and professional account takeover, and more. Heavy, right?

We understand this is a heavy topic, but it is a real one, and we need to face it head-on.

School administrators, students, and parents: in this article, we will review what ransomware is, focusing less on how it impacts the education sector and more on how it affects you as an individual. Your relationship with technology brings risks to the business and to your personal life. We are connected like never before.

Ransomware, what is it?

Ransomware is malicious software designed to move data off your machines and then encrypt the data left on them, so that losing access to your data eliminates your ability to conduct business. We want to clarify that ransomware is a "secondary payload" and is typically not the means of "initial access" into your environment. That means ransomware is likely a symptom of a much larger problem. We will cover that in a separate blog.

Ransomware gangs use this disruption method because it offers high financial gain at low risk to them. Ransomware is now a business and a means of making revenue. It is understandable but unfortunate: if you pay the ransom, you will be supporting their business and they will continue, and there is a slight chance, depending on the ransomware gang's country of business, that your organization may be breaking US/UK sanctions laws.

When a school is breached, there is a cycle of events most people are familiar with. If the school district is big enough, it may make the news, and the superintendent will provide updates on the steps they are taking to mitigate the impact. One of the things schools, like many other businesses, may offer is identity monitoring, because ransomware gangs may have stolen your personally identifiable information stored on school machines. We are here to tell you that although it is nice to have, the running joke is that identity monitoring alerts you when someone has successfully stolen your identity. That's the extent of its value. So, what do we do about it?

What you probably already know.

Most people in the school ecosystem know that after a ransomware attack occurs, the ransomware gang extorts the school by holding the stolen school data for ransom. If the gang does not receive payment, it puts that data on its auction site. But did you know that on some auction sites, the information is freely available for download?

So, why do I care?

The types of data stolen from schools include Social Security cards, passports (US and foreign), private emails, W2s/W4s, passwords, what applications faculty use, what applications students use, notes on student mental health, behavioral threat assessment notes, contracts, salary information, vendor payment information, private emails between superintendents and governors, and much, much more. See the picture below. The data is freely available for download if you know where to look for it. Yes, we blurred all Personally Identifiable Information to protect the victims.

What is the risk to me?

[Image: Downloaded from Ransomware Auction Site - Education Purposes Only - Victim stolen PII]

Identity and Child Identity theft. You may have noticed the passport that is available for download in the picture above. It belongs to a 15-year-old teenager, according to the date of birth. Along with that passport is a social security card. What accounts do you use today that require you to know the data in those documents? Can I open a bank account with this information? Could I call your bank, take over your identity, and move funds from one account to another?

Home Deed Theft. With W2s/W4s exposed, bad guys can access your social security number, email address, and home address. With that information, it is as simple as going onto Zillow to discover which real estate agent you purchased your home from, and depending on the state and county you live in, it may be possible to pull up a draft deed. It will cost them $0.00 to forge your identity to steal your home ownership. If they need a Notary, no problem, they have fake driver's licenses; after all, they are in the business of stealing identities.

Business and Personal Account Takeover. It costs $0.00 to take a Google email address and input it into https://epieos.com/, an Open-Source Intelligence tool that is intended for good but can be used with malicious intent. The email address will reveal what applications an individual uses with that identity. It can display your pattern of life based on your Google Review postings, which are public and referenceable on a map. Imagine knowing that an individual uses their identity on VRBO. One can find the password on sites like dehashed.com for less than $10.00 or guess it from variations of leaked passwords. The bad guy may monitor the site and plant a hardware addition the day before the individual who is being stalked arrives.

Child Predation. We want to start with the fact that this is not the fault of administrators or faculty members. People don't know what they don't know. We struggled with whether we should write about this topic but believe that it is more important that good people see this information so we can defend ourselves and our kids from people with malicious intent.

Unfortunately, some of the ransomware auction sites had folders with student names. In those folders is information regarding where students frequent online and more personal information. Child predators frequent the internet because they believe it is safe for them to prey on children.

Often, they prey on kids on Game Forums, Homework Forums, Virtual Augmented Reality Social Applications, and other social media platforms. One of their objectives is to groom children away from their ecosystem of trust, and they do this by hunting for the vulnerable.

The data freely available on ransomware auction sites expedites child predators' ability to target a vulnerable child.

So what do we do about it?

There are four things we recommend.

First, freeze your credit and your children's credit. By freezing your credit, you make yourself and your children a much harder target for identity theft carried out for financial gain. Go to frozenpii.com.

Second, purchase a service that monitors for your identity data online and deletes it. Data brokers make money buying data for others to search. Although intended for good, that data can be used for malicious purposes. A recommendation would be thekanary.com.

Third, get a family password generator and ensure access requires more than a password. Certain multi-factor authentication protocols reduce the value of a password that can be easily guessed or stolen. Fortunately, today those protocols can also be phishing-resistant.

The family password generator gives you a single place to generate strong passwords and share accounts with people you trust, ultimately reducing the risk of account takeover across your applications.

Finally, be involved in school board meetings. Your Board of Directors likely knows they need to solve cybersecurity threats for the district. Many of them do not know how to approach it, so they hire a firm to tell them what activities need to occur to reduce risk. Unfortunately, there is a missing piece of the puzzle there. Who is going to do the work? That is for another article.

Why Avertere?

Avertere is a complete Cybersecurity consulting and services firm dedicated solely to student and administrative safety within the education sector. We want to bring security to all schools and converge physical and Cybersecurity services on behalf of the education sector, so our teachers can focus on teaching.

Please feel free to reach out to us. If we can help you, we will. We offer a no-cost ransomware awareness presentation for Superintendents, Administrators, and Faculty members. We can discuss other topics of importance for the school too. You can visit our website and reach out to us there.