School districts across the country have become frequent targets of ransomware attacks.
(TNS) -- Spencer Mathews went to work on Jan. 19 planning to check for weaknesses in Kountze ISD's cybersecurity that computer hackers could exploit.
The day before, the district's technology director attended a training session on "ransomware," a cyberattack by hackers who hold data hostage until they're paid.
The training was a day too late. Overnight, hackers found an open port into one of the district's servers and locked the entire network, shutting down the district's internet.
School districts across the country have become frequent targets of ransomware attacks. At least two Southeast Texas districts have been hit in the past year. Educational networks are often vulnerable because they have so many entry points, store large amounts of personal data and often can't afford to build a strong enough security system, said Michael Kaiser, executive director for the National Cyber Security Alliance.
In Kountze's case, Mathews said a hacker got access through an unsecured remote desktop used to access school computers from home or other locations. From there, the hacker was able to lock the shared user files of all 1,300 students and employees.
Personal information like Social Security numbers and bank information was not stored in those locations, he said, so hackers never had access to it, but all of the district's internet and online operations were shut down for the day.
West Orange-Cove CISD was hit by a similar attack more than a year ago, when about 20 percent of the district's computers were locked by a hacker, technology director Elvis Rushing said.
In ransomware attacks, hackers typically place a message on the computer or network instructing the owner to contact them and demanding money in exchange for the key to unlocking the system, Mathews said.
Some even "provide customer service," Kaiser said, and provide detailed explanations of how to pay using untraceable cyber-currency, like Bitcoin.
"They're not looking for information, they're looking for quick money," said Kyle Fisher, Region 5's network operations director.
Mathews and Rushing never found out how much it would have cost to get their data back. They were able to restore their files from backups without contacting the hackers.
The main cost was the inconvenience: Rushing said it took almost a month to restore all of the affected computers.
Kountze's internet was back up by the end of the first school day, but Mathews still wonders who was behind the attack.
He was able to trace it to computers in Russia and France, but someone could have been using virtual private networks to hide their location.
"It very easily could have been somebody right down the road. We joked that it could have been a kid in a classroom on a phone," Mathews said.
While ransomware attacks are nothing new, they have been on the rise recently, possibly fueled by the availability of technology like Bitcoin, which makes payment to unidentified parties possible, the National Cyber Security Alliance's Kaiser said.
Districts in Montana, Mississippi and Oklahoma have been hit in recent years, and a South Carolina superintendent testified before Congress in May 2016 after his district paid $8,500 to get back its data.
The attacks aren't limited to education. Hospitals, businesses and individuals have been targeted as well. School districts can appear particularly vulnerable, though, because with so many users on the connected networks, hackers have more potential openings, Kaiser said.
They also have access to large amounts of data, including personal, financial and medical information and Social Security numbers, which makes them appealing targets.
A study by security rating company BitSight found schools have the highest rate of ransomware attacks — three times as many as in the healthcare industry and more than 10 times as many as in the finance sector.
Hackers might not be intentionally targeting schools, Kountze's Mathews said, but in automatically scanning for openings online, they might unintentionally find themselves inside an educational network.
Mathews said KISD shored up its defenses after the attack, and the incident emphasized the importance of keeping passwords, data and remote desktops secure. Students and staff were reminded to watch out for "phishing" emails as well, which look legitimate but often include links that let viruses in, another common door for hackers.
The cost of the hack-in at West Orange-Cove was teachers' access to technology, the district's Rushing said. Before, teachers had privileges to download software when they wanted. Now those requests have to go through Rushing's office for approval and installation.
The district has eliminated "back doors" into its system and broken up its networks into smaller pieces so that if viruses pop up again, they will affect fewer computers, he said.
Districts can be susceptible to other types of cyberattacks, Kaiser said, because with so many moving parts, doors to the network can easily be left open.
A scammer posing as Nederland ISD's bookkeeper recently tried to order computers on the district's account from an online vendor, hoping that by using a false email address close to the district's official ones, the purchase would slip through the cracks, technology director Cindy Laird said.
The goal likely was to have the district unknowingly buy the equipment, which would then be shipped elsewhere, basically theft without the district's knowledge, she said.
In cases like this, just like with ransomware, "the key is letting our end users know" what to do, Laird said. That means informing administrators, teachers, students and outside contractors to watch for suspicious emails or links, and making sure they know who to alert if they suspect something is off, Laird and Mathews said.
Schools should be wary of identity theft as well, particularly because children are popular targets. "You're not going to see a 10-year-old with a credit card," Region 5's Fisher said, so a hacker could steal their identity for years without anyone noticing.
"You need to be able to teach your staff and students how to look for these things and to question everything," he said.
Schools should protect themselves by first identifying and protecting the most critical data they have, such as Social Security numbers or financial information, and then expanding protections from there, Kaiser said.
While prevention is important, it's vital to have a plan in place for how to respond, especially as schools invest more money and resources in technology, he said.
"Technology is really good for schools, there are a lot of positives," Kaiser said, as long as districts are prepared to address the increased risk.
Teaching students to tread carefully online is a way districts can protect their own interests and help students, he said.
"That's everything from the basic things like making good passwords and updating software and basic cyber-hygiene, to being thoughtful about posting on social networks and civil treatment of people online and offline," he said. "It's not just an educational issue, it's a security issue."
©2017 the Beaumont Enterprise (Beaumont, Texas) Distributed by Tribune Content Agency, LLC.